Total: 29559 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1671 | 1 Avira | 1 Antivir Personal | 2025-04-09 | 7.8 HIGH | N/A |
avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
CVE-2006-5671 | 1 Free Php Scripts | 1 Free Image Hosting | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-7088 | 1 Simple Php Forum | 1 Simple Php Forum | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php. | |||||
CVE-2007-4193 | 1 Ide Group | 1 Dvd Rental System Drs | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE. | |||||
CVE-2007-3306 | 1 Ultrize | 1 Minibill | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489. | |||||
CVE-2006-5423 | 1 Lou Portail | 1 Lou Portail | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2007-2426 | 1 Wildbits | 1 Mygallery | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter. | |||||
CVE-2007-1961 | 1 Phpbb | 1 Mutant | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2006-6750 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226. | |||||
CVE-2007-0510 | 1 Awffull | 1 Awffull | 2025-04-09 | 10.0 HIGH | N/A |
Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries. | |||||
CVE-2009-0389 | 1 Eztools-software | 1 Web On Windows Activex | 2025-04-09 | 9.3 HIGH | N/A |
Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code. | |||||
CVE-2006-7205 | 1 Php Group | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. | |||||
CVE-2007-1715 | 1 Free Php Scripts | 1 Free Image Hosting | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763. | |||||
CVE-2007-0360 | 1 Oreon Project | 1 Oreon | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
CVE-2006-6745 | 1 Sun | 2 J2se, Jre | 2025-04-09 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE. | |||||
CVE-2007-0657 | 1 Alientrap | 1 Nexuiz | 2025-04-09 | 7.5 HIGH | N/A |
Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command. | |||||
CVE-2006-5852 | 1 Openbase International Ltd | 1 Openbase | 2025-04-09 | 4.6 MEDIUM | N/A |
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327. | |||||
CVE-2007-0302 | 1 Instantasp | 1 Instantasp | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx. | |||||
CVE-2006-5623 | 1 Ee Tool | 1 Ee Tool | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter. | |||||
CVE-2007-3537 | 1 Ibm | 1 Os 400 | 2025-04-09 | 7.8 HIGH | N/A |
IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules. | |||||