Total
29551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0652 | 1 Mailenable | 1 Mailenable Professional | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. | |||||
| CVE-2007-1599 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.5 MEDIUM | N/A |
| wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | |||||
| CVE-2006-5863 | 1 Otterware | 1 Letterit2 | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
| CVE-2007-1870 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 7.8 HIGH | N/A |
| lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. | |||||
| CVE-2007-1008 | 1 Apple | 1 Itunes | 2025-04-09 | 2.6 LOW | N/A |
| Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. | |||||
| CVE-2007-4879 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | |||||
| CVE-2006-5440 | 1 Comdev | 1 Comdev Form Designer | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminfoot.php in Comdev Form Designer 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2008-5681 | 1 Opera | 1 Opera Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
| Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. | |||||
| CVE-2007-2088 | 1 Sitebar | 1 Sitebar | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php. | |||||
| CVE-2007-0182 | 1 Scriptaty | 1 Magic Photo Storage Website | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date. | |||||
| CVE-2007-4227 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958. | |||||
| CVE-2007-3591 | 1 Elite Bulletin Board | 1 Elite Bulletin Board | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks. | |||||
| CVE-2007-2945 | 1 Rmforum | 1 Rmforum | 2025-04-09 | 5.0 MEDIUM | N/A |
| RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb. | |||||
| CVE-2007-1491 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2025-04-09 | 5.2 MEDIUM | N/A |
| Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. | |||||
| CVE-2007-0291 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02. | |||||
| CVE-2006-7126 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF. | |||||
| CVE-2009-3984 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | |||||
| CVE-2007-3190 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters. | |||||
| CVE-2007-1705 | 1 Active Trade | 1 Active Trade | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-2412 | 1 Seir Anphin | 1 Seir Anphin | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use | |||||