Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0079 | 1 Rblog | 1 Rblog | 2025-04-09 | 7.8 HIGH | N/A |
| rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb. | |||||
| CVE-2007-2663 | 1 Beacon | 1 Beacon | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter. | |||||
| CVE-2006-5524 | 1 Phplist | 1 Phplist | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. | |||||
| CVE-2006-6097 | 1 Gnu | 1 Tar | 2025-04-09 | 4.0 MEDIUM | N/A |
| GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | |||||
| CVE-2006-6524 | 1 Ezhrs | 1 Hr Assist | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the Uname (UserName) parameter. | |||||
| CVE-2007-0724 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.9 MEDIUM | N/A |
| The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console. | |||||
| CVE-2007-6718 | 1 Mplayer | 1 Mplayer | 2025-04-09 | 4.3 MEDIUM | N/A |
| MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486. | |||||
| CVE-2007-4388 | 1 2wire | 2 1701hg Router, 2071 Router | 2025-04-09 | 10.0 HIGH | N/A |
| 2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default. | |||||
| CVE-2007-4326 | 1 Mapos Scripts | 1 Bilder Uploader | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts. | |||||
| CVE-2007-4485 | 1 Butterfly | 1 Butterfly | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter. | |||||
| CVE-2007-3553 | 1 Oracle | 2 Application Server, Rapid Install Web Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6814 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 6.3 MEDIUM | N/A |
| Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter. | |||||
| CVE-2006-5236 | 1 4homepages | 1 4images | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter. | |||||
| CVE-2007-6198 | 1 Bea | 1 Aqualogic Interaction | 2025-04-09 | 5.0 MEDIUM | N/A |
| portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter. | |||||
| CVE-2007-1970 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks. | |||||
| CVE-2006-6274 | 1 Expinion.net | 2 Inews Publisher, News Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The original report was for News Manager, but there is strong evidence that the correct product is Publisher. | |||||
| CVE-2006-7119 | 1 Phpgiggle | 1 Phpgiggle | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter. | |||||
| CVE-2007-2429 | 1 Manageengine | 1 Passwordmanager Pro | 2025-04-09 | 10.0 HIGH | N/A |
| ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2159 | 1 Drupal | 1 Database Administration Module | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface. | |||||
| CVE-2006-6030 | 1 Futuretec | 1 E-calendar Pro | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp. NOTE: some of these details are obtained from third party information. | |||||