Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3025 | 2 Clam Anti-virus, Sun | 2 Clamav, Solaris | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. | |||||
| CVE-2008-4587 | 1 Acresso | 1 Flexnet Connect | 2025-04-09 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders. | |||||
| CVE-2007-2624 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2847 | 1 Hlstats | 1 Hlstats | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812. | |||||
| CVE-2006-6758 | 1 Http Explorer | 1 Http Explorer Web Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI. | |||||
| CVE-2006-6341 | 1 Mg.blattl | 1 Mg.applanix | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php. | |||||
| CVE-2007-1584 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. | |||||
| CVE-2006-5736 | 1 Punbb | 1 Punbb | 2025-04-09 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. | |||||
| CVE-2006-6743 | 1 Phpprofiles | 1 Phpprofiles | 2025-04-09 | 4.6 MEDIUM | N/A |
| phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php. | |||||
| CVE-2006-5539 | 1 Ueberproject Management System | 1 Ueberproject Management System | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter. | |||||
| CVE-2007-2293 | 1 Asterisk | 1 Asterisk | 2025-04-09 | 7.6 HIGH | N/A |
| Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE. | |||||
| CVE-2007-2721 | 1 Jasper Jpeg-2000 | 1 Jasper Jpeg-2000 | 2025-04-09 | 4.3 MEDIUM | N/A |
| The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. | |||||
| CVE-2006-5237 | 1 Blue Smiley Organizer | 1 Blue Smiley Organizer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-5729 | 1 Yazd | 1 Yazd Discussion Forum | 2025-04-09 | 6.5 MEDIUM | N/A |
| Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users. | |||||
| CVE-2006-7011 | 1 Develooping | 1 Flash Chat | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value | |||||
| CVE-2006-5984 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable. | |||||
| CVE-2006-6439 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | 7.8 HIGH | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to download the audit log and obtain potentially sensitive information via unspecified vectors. | |||||
| CVE-2007-3811 | 1 Esyndicat | 1 Esyndicat Directory | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php. | |||||
| CVE-2007-0483 | 1 Enthusiast | 1 Enthusiast | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6935 | 1 Portix-php | 1 Portix-php | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields. | |||||