Total
29549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5015 | 1 Kietu | 1 Kietu | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter. | |||||
| CVE-2006-7003 | 1 Fusionphp | 1 Fusion Polls | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. | |||||
| CVE-2007-4327 | 1 Mapos Scripts | 1 File Uploader | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php. | |||||
| CVE-2006-6494 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 6.6 MEDIUM | N/A |
| Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers. | |||||
| CVE-2006-5874 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A |
| Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. | |||||
| CVE-2007-2331 | 1 Shop-script | 1 Shop-script | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang_list parameter. | |||||
| CVE-2007-1927 | 1 Youngzsoft | 1 Cmailserver | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. | |||||
| CVE-2007-1946 | 1 Microsoft | 1 Windows Xp | 2025-04-09 | 10.0 HIGH | N/A |
| Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp. | |||||
| CVE-2007-4502 | 1 Joomla | 1 Bibtex | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter. | |||||
| CVE-2007-0135 | 1 Aratix | 1 Aratix | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter. | |||||
| CVE-2007-1112 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2025-04-09 | 10.0 HIGH | N/A |
| Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. | |||||
| CVE-2007-3494 | 1 Papoo | 1 Papoo | 2025-04-09 | 6.8 MEDIUM | N/A |
| Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact. | |||||
| CVE-2007-1022 | 1 Turuncu Portal | 1 Turuncu Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3869 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Customer Relationship Management Online Marketing component in Oracle PeopleSoft Enterprise 8.9 Bundle 26 and 9.0 Bundle 7 allow remote authenticated users to have an unknown impact, aka (1) PSE04 and (2) PSE05. | |||||
| CVE-2007-5242 | 1 Hp | 1 Openvms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment." | |||||
| CVE-2007-4482 | 1 Wordpress | 1 Pool | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||||
| CVE-2007-3824 | 1 Mehmet Zati Karahan | 1 Mzk Blog | 2025-04-09 | 10.0 HIGH | N/A |
| SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. | |||||
| CVE-2007-3800 | 1 Symantec | 2 Client Security, Norton Antivirus | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code. | |||||
| CVE-2009-4041 | 1 Usebb | 1 Usebb | 2025-04-09 | 5.0 MEDIUM | N/A |
| UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of service (infinite loop) via crafted BBCode tags. | |||||
| CVE-2007-1892 | 1 Akamai Technologies | 1 Download Manager | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. | |||||