Total: 29548 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5674 | 1 Minibb | 1 Minibb | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin. | |||||
CVE-2006-6132 | 1 Softacid | 1 Link Exchange Lite | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp. | |||||
CVE-2006-5135 | 1 A-blog | 1 A-blog | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b) navigation/search.php and (c) navigation/donation.php; and the (6) navigation_start and (7) navigation_middle parameters in navigation/donation.php, (d) navigation/latestnews.php, and (e) navigation/links.php; different vectors than CVE-2006-5092. | |||||
CVE-2007-1058 | 1 Online Web Building | 1 Online Web Building | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. | |||||
CVE-2006-7131 | 1 Jinzora | 1 Jinzora | 2025-04-09 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter. | |||||
CVE-2007-3629 | 1 Levent Veysi Portal | 1 Levent Veysi Portal | 2025-04-09 | 10.0 HIGH | N/A |
SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0531 | 1 Freewebshop | 1 Freewebshop | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | |||||
CVE-2006-6074 | 1 Enthrallweb | 1 Eshopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier. | |||||
CVE-2006-6669 | 1 Webcalendar | 1 Webcalendar | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter. | |||||
CVE-2009-1615 | 1 Gowondesigns | 1 Leap | 2025-04-09 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request. | |||||
CVE-2006-6253 | 1 Cahier De Textes | 1 Cahier De Textes | 2025-04-09 | 5.0 MEDIUM | N/A |
Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql. | |||||
CVE-2007-4071 | 1 Tincan | 1 Webbler Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter. | |||||
CVE-2006-5516 | 1 Wikini | 1 Wikini | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php. | |||||
CVE-2007-4524 | 1 Phpress | 1 Phpress | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
CVE-2006-5425 | 1 Xorp | 1 Extensible Open Router Platform | 2025-04-09 | 5.0 MEDIUM | N/A |
XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field. | |||||
CVE-2007-4171 | 1 Auracms | 1 Modul Forum Sederhana | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2932 | 1 Boastmachine | 1 Boastmachine | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action. | |||||
CVE-2006-5640 | 1 Techno Dreams | 1 Techno Dreams Guest Book | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
CVE-2008-7200 | 1 Deliantra | 1 Deliantra | 2025-04-09 | 10.0 HIGH | N/A |
Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors. | |||||
CVE-2007-2819 | 1 Track\+ | 1 Track\+ | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter. |