Total
29557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3417 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function. | |||||
| CVE-2006-5979 | 1 Renasoft | 1 Netjetserver | 2025-04-09 | 5.0 MEDIUM | N/A |
| Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2007-3984 | 1 Zenturi | 1 Zenturi Programchecker | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987. | |||||
| CVE-2007-0095 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. | |||||
| CVE-2007-1874 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 7.2 HIGH | N/A |
| Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/. | |||||
| CVE-2006-5030 | 1 Exv2 | 1 Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2007-2234 | 1 Punbb | 1 Punbb | 2025-04-09 | 7.5 HIGH | N/A |
| include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php. | |||||
| CVE-2006-5227 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable. | |||||
| CVE-2007-2464 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix | 2025-04-09 | 7.1 HIGH | N/A |
| Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions." | |||||
| CVE-2007-3096 | 1 Pblang | 1 Pblang | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2006-6216 | 1 Nivisec | 1 Hacks List | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hacks List 1.21 and earlier phpBB module allows remote attackers to execute arbitrary SQL commands via the hack_id parameter. | |||||
| CVE-2007-1722 | 1 Signkorea | 1 Skcommax Activex Control | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument. | |||||
| CVE-2007-0224 | 1 Virtual Programming | 1 Vp-asp | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter. | |||||
| CVE-2006-6250 | 1 Songbird | 1 Songbird Media Player | 2025-04-09 | 7.8 HIGH | N/A |
| Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the Unicode converter to be invoked. | |||||
| CVE-2007-0159 | 1 Geoip | 1 Geoip | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename. | |||||
| CVE-2006-6744 | 1 Phpprofiles | 1 Phpprofiles | 2025-04-09 | 2.1 LOW | N/A |
| phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts. | |||||
| CVE-2006-6437 | 1 Xerox | 1 Workcentre | 2025-04-09 | 7.8 HIGH | N/A |
| ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows attackers to cause a denial of service (application crash and core dump) via a certain PS file. | |||||
| CVE-2006-5427 | 1 Php Amx | 1 Php Amx | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in plugins/main.php in Php AMX 0.9.0, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plug_path parameter. | |||||
| CVE-2007-0996 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.8 MEDIUM | N/A |
| The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | |||||
| CVE-2007-0824 | 1 Lightro | 1 Lightro Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter. | |||||