Total: 29559 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-7033 | 1 Super Link Exchange Script | 1 Super Link Exchange Script | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Super Link Exchange Script 1.0 allows remote attackers to inject arbitrary web script or HTML via IMG tags in the search box. | |||||
CVE-2007-3128 | 1 Ibm | 1 Websphere Portal | 2025-04-09 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
CVE-2006-6512 | 1 Flippet.org | 1 Winamp Web Interface | 2025-04-09 | 3.5 LOW | N/A |
Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F") in the path parameter. | |||||
CVE-2007-2469 | 1 Filerun | 1 Filerun | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter. | |||||
CVE-2007-0693 | 1 Dian Gemilang | 1 Dgnews | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS). | |||||
CVE-2007-4016 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2007-3848 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 1.9 LOW | N/A |
Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). | |||||
CVE-2007-5273 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 2.6 LOW | N/A |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. | |||||
CVE-2007-0576 | 1 Xt-stats | 1 Xt-stats | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter. | |||||
CVE-2006-6670 | 1 Nortel | 1 Callpilot Server | 2025-04-09 | 10.0 HIGH | N/A |
Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL. | |||||
CVE-2006-6318 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-09 | 5.0 MEDIUM | N/A |
The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-3975 | 1 Elite Forum | 1 Elite Forum | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412. | |||||
CVE-2007-3002 | 1 Php Jackknife | 1 Php Jackknife | 2025-04-09 | 5.0 MEDIUM | N/A |
PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages. | |||||
CVE-2007-3120 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-3579 | 1 Phpids | 1 Phpids | 2025-04-09 | 4.3 MEDIUM | N/A |
PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. | |||||
CVE-2006-6453 | 1 J-owamp | 1 Web Interface | 2025-04-09 | 6.5 MEDIUM | N/A |
PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter. | |||||
CVE-2006-6891 | 1 Vz Forum | 1 Vz Forum | 2025-04-09 | 5.0 MEDIUM | N/A |
Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt. | |||||
CVE-2007-0565 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2025-04-09 | 7.5 HIGH | N/A |
CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors. | |||||
CVE-2007-1629 | 1 Active Web Softwares | 1 Active Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2006-5086 | 1 Pixel Motion | 1 Pixel Motion Blog | 2025-04-09 | 6.4 MEDIUM | N/A |
Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not. | |||||