Total
29551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0787 | 1 Simple Invoices | 1 Simple Invoices | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5360 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 6.4 MEDIUM | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. | |||||
| CVE-2006-6538 | 1 D-link | 1 Dwl-2000ap\+ | 2025-04-09 | 7.8 HIGH | N/A |
| D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. | |||||
| CVE-2008-7014 | 1 Fhttpd | 1 Fhttpd | 2025-04-09 | 5.0 MEDIUM | N/A |
| fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value. | |||||
| CVE-2006-5553 | 1 Cisco | 3 Security Agent, Unified Callmanager, Unified Presence Server | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options. | |||||
| CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-2549 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter. | |||||
| CVE-2006-6513 | 1 Flippet.org | 1 Winamp Web Interface | 2025-04-09 | 3.5 LOW | N/A |
| The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function. | |||||
| CVE-2006-4154 | 1 Apache | 1 Http Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. | |||||
| CVE-2007-1662 | 1 Pcre | 1 Pcre | 2025-04-09 | 5.0 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. | |||||
| CVE-2007-2086 | 1 Cnstats | 1 Cnstats | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/. | |||||
| CVE-2007-1990 | 1 Sam Crew | 1 Myblog | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0535 | 1 Vote Pro | 1 Vote Pro | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5894 | 1 Rama Cms | 1 Rama Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php. | |||||
| CVE-2007-3171 | 1 Uebimiau | 1 Uebimiau | 2025-04-09 | 5.0 MEDIUM | N/A |
| Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. | |||||
| CVE-2007-0027 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption. | |||||
| CVE-2007-0132 | 1 Igeneric | 1 Ig Shop | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6348 | 1 Mowdbb | 1 Mowdbb | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter. | |||||
| CVE-2006-5818 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 7.2 HIGH | N/A |
| Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-6859 | 1 Website Designs For Less | 1 Click N Print Coupons | 2025-04-09 | 10.0 HIGH | N/A |
| SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||