Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5277 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 9.3 HIGH | N/A |
| Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. | |||||
| CVE-2006-7068 | 1 Cliserv | 1 Web Community | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3. | |||||
| CVE-2007-1825 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3. | |||||
| CVE-2007-2511 | 1 Php | 1 Php | 2025-04-09 | 7.2 HIGH | N/A |
| Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. | |||||
| CVE-2006-6825 | 1 Mxmania | 1 Calendar Mx Basic | 2025-04-09 | 7.5 HIGH | N/A |
| Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0417 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 10.0 HIGH | N/A |
| BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. | |||||
| CVE-2007-2608 | 1 Miplex2 | 1 Miplex2 | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter. | |||||
| CVE-2007-2303 | 1 News Manager Deluxe | 1 News Manager Deluxe | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. | |||||
| CVE-2006-5196 | 1 Motorola | 1 Surfboard | 2025-04-09 | 7.8 HIGH | N/A |
| The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter. | |||||
| CVE-2006-4177 | 1 Novell | 1 Edirectory | 2025-04-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. | |||||
| CVE-2007-0284 | 1 Oracle | 2 Application Server, Collaboration Suite | 2025-04-09 | 6.4 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04. | |||||
| CVE-2007-0807 | 1 Darrens 5-dollar Script Archive | 1 Flashchat | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature. | |||||
| CVE-2007-2684 | 1 Jetbox | 1 Jetbox Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message. | |||||
| CVE-2007-2099 | 1 Openconcept | 1 Back-end Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConcept Back-End CMS 0.4.7 allows remote attackers to inject arbitrary web script or HTML via the page[] parameter. | |||||
| CVE-2007-1778 | 1 Eve-nuke | 1 Eve-nuke Forum | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-3188 | 1 Geometrix Download Portal | 1 Geometrix Download Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4007 | 1 Article Directory | 1 Article Directory | 2025-04-09 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2007-2865 | 1 Phppgadmin | 1 Phppgadmin | 2025-04-09 | 9.3 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. | |||||
| CVE-2006-6408 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2025-04-09 | 5.0 MEDIUM | N/A |
| Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | |||||
| CVE-2007-0678 | 1 Fullaspsite | 1 Asp Hosting Site | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter. | |||||