Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2919 | 1 E-book Systems | 1 Flipviewer | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.
|
|||||
| CVE-2007-1901 | 1 Sonicbb | 1 Sonicbb | 2025-04-09 | 4.3 MEDIUM | N/A |
|
SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message.
|
|||||
| CVE-2007-3923 | 1 Cisco | 3 Wide Area Application Engine, Wide Area Application Engine Nm-wae-502, Wide Area Application Services | 2025-04-09 | 7.8 HIGH | N/A |
|
The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445.
|
|||||
| CVE-2007-3071 | 1 Digital River | 1 Esellerate Sdk | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
|
|||||
| CVE-2007-3649 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.
|
|||||
| CVE-2006-5231 | 1 Grandstream | 1 Gxp-2000 | 2025-04-09 | 7.8 HIGH | N/A |
|
Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP.
|
|||||
| CVE-2007-1182 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 6.4 MEDIUM | N/A |
|
WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.
|
|||||
| CVE-2006-5885 | 1 Dynamic Dataworx | 1 Nustore | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter.
|
|||||
| CVE-2007-2456 | 1 Firefly | 1 Firefly | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/.
|
|||||
| CVE-2006-5067 | 1 Php System Administration Toolkit | 1 Php System Administration Toolkit | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in loader.php in PHP System Administration Toolkit (PHPSaTK) allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config] parameter. NOTE: this issue is disputed by CVE; analysis shows that the GLOBALS[config] variable is initialized before being used
|
|||||
| CVE-2007-1241 | 1 Audins Audiens | 1 Audins Audiens | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5447 | 1 Dev | 1 Dev Web Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
|
|||||
| CVE-2007-1852 | 1 Ben3w | 1 2bgal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has been disputed by CVE, since the lang_filename variable is defined before it is used
|
|||||
| CVE-2008-5344 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.
|
|||||
| CVE-2006-5127 | 1 Conpresso | 1 Conpresso Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.
|
|||||
| CVE-2007-4102 | 1 Sblog | 1 Sblog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/></> sequence in the search string.
|
|||||
| CVE-2007-3353 | 1 Mywebland | 1 Myevent | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class.
|
|||||
| CVE-2006-5595 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing.
|
|||||
| CVE-2007-0653 | 2 Linux, X Multimedia System | 2 Linux Kernel, X Multimedia System | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.
|
|||||
| CVE-2006-6147 | 1 Jiros | 1 Links Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.
|
|||||
| CVE-2006-5458 | 1 Hinton Design | 1 Phpht Topsites | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter.
|
|||||
| CVE-2006-5413 | 1 Supermod | 1 Supermod | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php.
|
|||||
| CVE-2006-5927 | 1 Asp Scripter | 2 Easy Portal, Live Support | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter.
|
|||||
| CVE-2007-0566 | 1 Asp News | 1 Asp News | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-1565 | 1 Kde | 1 Konqueror | 2025-04-09 | 7.8 HIGH | N/A |
|
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.
|
|||||
| CVE-2006-6448 | 1 Vt-forum | 1 Vt-forum | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vf_memberdetail.asp, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-5590 | 1 Articlebeach | 1 Articlebeach Script | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in ArticleBeach Script 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
|
|||||
| CVE-2007-4126 | 1 Sun | 1 Solaris | 2025-04-09 | 1.5 LOW | N/A |
|
Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.
|
|||||
| CVE-2007-3135 | 1 Atom | 1 Photoblog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
|
|||||
| CVE-2009-1447 | 1 E-cart | 1 Free Shopping Cart | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
|
|||||
| CVE-2007-0945 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."
|
|||||
| CVE-2007-3118 | 1 K-letter | 1 K-letter | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php.
|
|||||
| CVE-2007-3415 | 1 Phpraider | 1 Phpraider | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter.
|
|||||
| CVE-2007-0606 | 1 W-agora | 1 W-agora | 2025-04-09 | 5.0 MEDIUM | N/A |
|
w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message.
|
|||||
| CVE-2007-1812 | 1 Bt-sondage | 1 Bt-sondage | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in utilitaires/gestion_sondage.php in BT-Sondage 112 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire_visiteur parameter.
|
|||||
| CVE-2007-2073 | 1 Ivan Gallery Script | 1 Ivan Gallery Script | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session.
|
|||||
| CVE-2007-3262 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.
|
|||||
| CVE-2007-1811 | 1 Chapi | 1 Tiny Event | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
|
|||||
| CVE-2007-0872 | 1 Plain Old Webserver | 1 Plain Old Webserver | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
|
|||||
| CVE-2007-3885 | 1 Aspindir | 1 Husrevforum | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||