Total
29551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4283 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. | |||||
| CVE-2006-5801 | 1 Owfs | 1 Owfs | 2025-04-09 | 5.0 MEDIUM | N/A |
| The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell. | |||||
| CVE-2006-4580 | 1 The Address Book | 1 The Address Book | 2025-04-09 | 7.5 HIGH | N/A |
| register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm". | |||||
| CVE-2007-2783 | 1 Rational Software | 1 Hidden Administrator | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE. | |||||
| CVE-2007-0286 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 2.6 LOW | N/A |
| Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07. | |||||
| CVE-2007-0131 | 1 Jamwiki | 1 Jamwiki | 2025-04-09 | 7.5 HIGH | N/A |
| JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki. | |||||
| CVE-2006-6410 | 1 Vmware | 1 Workstation | 2025-04-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function. | |||||
| CVE-2006-6990 | 1 Advanced Search Technologies Inc. | 1 Enigma Browser | 2025-04-09 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2007-2602 | 1 Progress | 1 Whatsup Gold | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. | |||||
| CVE-2007-3601 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 2.1 LOW | N/A |
| vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view. | |||||
| CVE-2006-7002 | 1 Wheatblog | 1 Wheatblog | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195. | |||||
| CVE-2006-6173 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.2 HIGH | N/A |
| Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter. | |||||
| CVE-2007-0055 | 1 Fersch | 1 Formbankserver | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3254 | 1 Xythos | 1 Enterprise Document Manager | 2025-04-09 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server. | |||||
| CVE-2007-2481 | 1 Ruben Boelinger | 1 Wordtube | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | |||||
| CVE-2006-7044 | 1 Cmpro Team | 1 Clan Manager Pro | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | |||||
| CVE-2006-6338 | 1 Devilz Clanportal | 1 Devilz Clanportal | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/. | |||||
| CVE-2007-2942 | 1 My Little Homepage | 1 My Little Forum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2304 | 1 Qdblog | 1 Qdblog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files. | |||||
| CVE-2006-5490 | 1 Middlebury College | 1 Segue Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||