Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29551 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1288 1 Webmobo 1 Wbnews 2025-04-09 10.0 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
CVE-2007-0097 1 Conexware 1 Powerarchiver 2006 2025-04-09 9.3 HIGH N/A
Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.
CVE-2007-6328 1 Dosbox 1 Dosbox 2025-04-09 7.2 HIGH N/A
DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem
CVE-2007-2106 1 Kai Content Management System 1 Kai Content Management System 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme parameter.
CVE-2006-6334 1 Citrix 1 Presentation Server Client 2025-04-09 6.8 MEDIUM N/A
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.
CVE-2008-1725 1 Nsoftware 1 Ibiz E-banking Integrator 2025-04-09 9.0 HIGH N/A
The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information.
CVE-2007-1425 1 Triexa 1 Sonicmailer Pro 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.
CVE-2007-1742 1 Apache 1 Http Server 2025-04-09 3.7 LOW N/A
suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
CVE-2006-6591 1 Exlor 1 Exlor 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in fonctions/template.php in EXlor 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the repphp parameter.
CVE-2007-2133 1 Oracle 1 Peoplesoft Enterprise 2025-04-09 10.0 HIGH N/A
Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01.
CVE-2006-6529 1 Drupal 1 Chatroom Module 2025-04-09 7.5 HIGH N/A
The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview.
CVE-2006-6792 1 Mxmania 1 Calendar Mx Basic 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2519 1 Php Group 1 Pear 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
CVE-2006-6592 1 Php 1 Bloq 2025-04-09 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php.
CVE-2007-2640 1 Heiko Stamer 1 Libtmcg 2025-04-09 7.8 HIGH N/A
LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards.
CVE-2006-6375 1 Simple Machines 1 Smf 2025-04-09 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
CVE-2007-0702 1 Phpeventman 1 Phpeventman 2025-04-09 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.
CVE-2007-0534 1 Drupal 2 Project, Project Issue Tracking Module 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."
CVE-2007-2821 1 Wordpress 1 Wordpress 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
CVE-2007-2860 1 Boastmachine 1 Boastmachine 2025-04-09 6.5 MEDIUM N/A
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action.