Total
29548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5540 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 4.0 MEDIUM | N/A |
| backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization." | |||||
| CVE-2007-0149 | 1 Ememberspro | 1 Ememberspro | 2025-04-09 | 7.5 HIGH | N/A |
| EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb. | |||||
| CVE-2007-1786 | 1 Hitachi | 5 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client and 2 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-3346 | 1 Php Accounts | 1 Php Accounts | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter. | |||||
| CVE-2006-5556 | 1 Hp | 1 Hp-ux | 2025-04-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable. | |||||
| CVE-2006-5849 | 1 Irayoblog | 1 Irayoblog | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter. | |||||
| CVE-2006-5371 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Email Center component in Oracle E-Business Suite 11.5.9 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS07. | |||||
| CVE-2007-1900 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | |||||
| CVE-2007-4386 | 1 Getmyownarcade | 1 Getmyownarcade | 2025-04-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2007-4126 | 1 Sun | 1 Solaris | 2025-04-09 | 1.5 LOW | N/A |
| Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs. | |||||
| CVE-2007-1977 | 1 Holacms | 1 Holacms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter. | |||||
| CVE-2006-6022 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-6551 | 1 Tucows | 1 Client Code Suite | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter. | |||||
| CVE-2007-3646 | 1 Flashgamescript | 1 Flashgamescript | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action. | |||||
| CVE-2006-7056 | 1 Dreamcost | 1 Hostadmin | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791. | |||||
| CVE-2007-0762 | 1 Phpbb\+\+ | 1 Phpbb\+\+ | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-3696 | 1 Broadcom | 1 Erwin Data Model Validator | 2025-04-09 | 7.8 HIGH | N/A |
| CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference. | |||||
| CVE-2007-3600 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 4.0 MEDIUM | N/A |
| WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. | |||||
| CVE-2006-6923 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter. | |||||
| CVE-2006-5113 | 1 Yuuki Yoshizawa | 1 Exporia | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to include and execute local files via a .. (dot dot) in the lan parameter to includes.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||