Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6841 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | 10.0 HIGH | N/A |
| Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-6820 | 1 Enthrallweb | 1 Ecoupons | 2025-04-09 | 3.5 LOW | N/A |
| myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | |||||
| CVE-2007-4180 | 1 Pluck | 1 Pluck | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files | |||||
| CVE-2006-6331 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | 6.0 MEDIUM | N/A |
| metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php. | |||||
| CVE-2007-0616 | 1 Zenphoto | 1 Zenphoto | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php. | |||||
| CVE-2006-6042 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter. | |||||
| CVE-2007-2035 | 1 Cisco | 1 Wireless Control System | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301. | |||||
| CVE-2006-5794 | 1 Openbsd | 1 Openssh | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. | |||||
| CVE-2007-1635 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2025-04-09 | 9.0 HIGH | N/A |
| Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php. | |||||
| CVE-2007-3683 | 1 Aigaion | 1 Aigaion | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter. | |||||
| CVE-2006-7038 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service. | |||||
| CVE-2006-6059 | 1 Netgear | 1 Ma521 Driver | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with an long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow. | |||||
| CVE-2006-5225 | 1 Aai-portal | 1 Aaiportal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-0810 | 1 Geeklog | 1 Geeklog | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog. | |||||
| CVE-2007-2734 | 1 3com | 8 3crtpx505-73, 3crx506-96, Tippingpoint 200 and 5 more | 2025-04-09 | 7.5 HIGH | N/A |
| The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic. | |||||
| CVE-2007-1714 | 1 Cccounter | 1 Cccounter | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter. | |||||
| CVE-2006-5437 | 1 Phpadsnew | 1 Phpadsnew | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in upgrade.php in phpAdsNew 2.0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the phpAds_config[language] parameter. NOTE: this issue could not be reproduced by a third party | |||||
| CVE-2007-2744 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this issue might overlap CVE-2007-2657. | |||||
| CVE-2007-0120 | 1 Acunetix | 1 Web Vulnerability Scanner | 2025-04-09 | 1.9 LOW | N/A |
| Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values. | |||||
| CVE-2007-0969 | 1 Webtester | 1 Webtester | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files. | |||||