Total
29551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1288 | 1 Webmobo | 1 Wbnews | 2025-04-09 | 10.0 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/. | |||||
CVE-2007-0097 | 1 Conexware | 1 Powerarchiver 2006 | 2025-04-09 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories. | |||||
CVE-2007-6328 | 1 Dosbox | 1 Dosbox | 2025-04-09 | 7.2 HIGH | N/A |
DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem | |||||
CVE-2007-2106 | 1 Kai Content Management System | 1 Kai Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme parameter. | |||||
CVE-2006-6334 | 1 Citrix | 1 Presentation Server Client | 2025-04-09 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer. | |||||
CVE-2008-1725 | 1 Nsoftware | 1 Ibiz E-banking Integrator | 2025-04-09 | 9.0 HIGH | N/A |
The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-1425 | 1 Triexa | 1 Sonicmailer Pro | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action. | |||||
CVE-2007-1742 | 1 Apache | 1 Http Server | 2025-04-09 | 3.7 LOW | N/A |
suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." | |||||
CVE-2006-6591 | 1 Exlor | 1 Exlor | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in fonctions/template.php in EXlor 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the repphp parameter. | |||||
CVE-2007-2133 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01. | |||||
CVE-2006-6529 | 1 Drupal | 1 Chatroom Module | 2025-04-09 | 7.5 HIGH | N/A |
The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview. | |||||
CVE-2006-6792 | 1 Mxmania | 1 Calendar Mx Basic | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-2519 | 1 Php Group | 1 Pear | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. | |||||
CVE-2006-6592 | 1 Php | 1 Bloq | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php. | |||||
CVE-2007-2640 | 1 Heiko Stamer | 1 Libtmcg | 2025-04-09 | 7.8 HIGH | N/A |
LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards. | |||||
CVE-2006-6375 | 1 Simple Machines | 1 Smf | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection. | |||||
CVE-2007-0702 | 1 Phpeventman | 1 Phpeventman | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php. | |||||
CVE-2007-0534 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking." | |||||
CVE-2007-2821 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. | |||||
CVE-2007-2860 | 1 Boastmachine | 1 Boastmachine | 2025-04-09 | 6.5 MEDIUM | N/A |
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action. |