Total
29557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3420 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
| The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-5543 | 1 Pgosd | 1 Pgosd | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-2762 | 1 Build It Fast | 1 Build It Fast | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/. | |||||
| CVE-2007-1384 | 1 Joris Guisson | 1 Ktorrent | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename. | |||||
| CVE-2006-6803 | 1 Enthrallweb | 1 Ecars | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter. | |||||
| CVE-2007-4449 | 1 Toribash | 1 Toribash | 2025-04-09 | 5.0 MEDIUM | N/A |
| The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command. | |||||
| CVE-2007-3299 | 1 Awffull | 1 Awffull | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string. | |||||
| CVE-2006-5637 | 1 Faq Administrator | 1 Faq Administrator | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter. | |||||
| CVE-2006-7014 | 1 Bloggit | 1 Bloggit | 2025-04-09 | 7.5 HIGH | N/A |
| admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request. | |||||
| CVE-2007-4312 | 1 Php Blue Dragon | 1 Php Blue Dragon Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action. | |||||
| CVE-2007-1601 | 1 Weekly Drawing Contest | 1 Weekly Drawing Contest | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows opening files | |||||
| CVE-2007-3636 | 1 Squirrelmail | 2 Gpg Plugin, Squirrelmail | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. | |||||
| CVE-2007-3612 | 1 Visual Irc | 1 Visual Irc | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. | |||||
| CVE-2006-7234 | 1 Lynx | 1 Lynx | 2025-04-09 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. | |||||
| CVE-2007-4108 | 1 Codewidgets | 1 Online Event Registration Template | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-0137 | 1 Serendipitynz | 2 Serene Bach, Serene Bach Sb | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-0660 | 1 Dotnetnuke | 1 Dotnetnuke Iframe | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values." | |||||
| CVE-2007-3234 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
| CVE-2007-0569 | 1 X-dev | 1 Xnews | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action. | |||||
| CVE-2007-0130 | 1 Igeneric | 1 Ig Calendar | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||