Total
29551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0093 | 1 Cms-center | 1 Simple Web Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3829 | 2 Interactual Technologies, Roxio | 2 Interactual Player, Cineplayer | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5109 | 1 Devellion | 1 Cubecart | 2025-04-09 | 5.0 MEDIUM | N/A |
| Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607. | |||||
| CVE-2007-0689 | 1 Mybb | 1 Mybb | 2025-04-09 | 5.0 MEDIUM | N/A |
| MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. | |||||
| CVE-2006-6411 | 1 Linksys | 1 Wip 330 Wireless-g Ip Phone | 2025-04-09 | 7.8 HIGH | N/A |
| PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap. | |||||
| CVE-2007-4320 | 1 Ncaster | 1 Ncaster | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter. | |||||
| CVE-2007-4170 | 1 Al-athkar | 1 Al-athkar | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php. | |||||
| CVE-2007-4381 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | |||||
| CVE-2007-1130 | 1 Scipter.ch | 1 Gastebuch | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | |||||
| CVE-2006-4402 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. | |||||
| CVE-2007-2427 | 1 Pnflashgames | 1 Pnflashgames | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2006-5292 | 1 Exhibit Engine | 1 Exhibit Engine | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | |||||
| CVE-2006-5839 | 1 Phpadventure | 1 Phpadventure | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter. | |||||
| CVE-2007-0419 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage). | |||||
| CVE-2006-5164 | 1 Sum Effect Software | 1 Digishop | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters. | |||||
| CVE-2007-1324 | 1 Snapgear | 6 560, 580, 585 and 3 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613. | |||||
| CVE-2007-0359 | 1 Uberghey | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | |||||
| CVE-2007-1832 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
| web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms." | |||||
| CVE-2006-4394 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.5 HIGH | N/A |
| A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors. | |||||
| CVE-2006-6780 | 1 Hlstats | 1 Hlstats | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter. | |||||