Total: 29561 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0331 | 1 Xentraz | 1 Liens Dynamiques | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu. | |||||
CVE-2006-6466 | 1 Wikyblog | 1 Wikyblog | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: CVE disputes the l vector because l is validated by ctype_alpha before use. | |||||
CVE-2008-5697 | 2 Mozilla, Skype | 2 Firefox, Skype Extension For Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument. | |||||
CVE-2007-1268 | 1 Mutt | 1 Mutt | 2025-04-09 | 5.0 MEDIUM | N/A |
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
CVE-2007-3256 | 1 Xythos | 3 Digital Locker, Enterprise Document Manager, Webfile Server | 2025-04-09 | 4.0 MEDIUM | N/A |
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution. | |||||
CVE-2006-5971 | 1 Verity | 1 Ultraseek | 2025-04-09 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable. | |||||
CVE-2006-6384 | 1 John Goodman | 1 Abitwhizzy | 2025-04-09 | 7.8 HIGH | N/A |
Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of CVE-2006-6084. | |||||
CVE-2006-6793 | 1 Okul Merkezi | 1 Okul Merkezi Portal | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
CVE-2007-1823 | 1 T-mobile | 1 Voice Mail Systems | 2025-04-09 | 10.0 HIGH | N/A |
T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | |||||
CVE-2007-1220 | 1 Microsoft | 1 Xbox 360 | 2025-04-09 | 6.2 MEDIUM | N/A |
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code. | |||||
CVE-2007-4235 | 1 Vietphp | 1 Vietphp | 2025-04-09 | 9.3 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php. | |||||
CVE-2009-2975 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol. | |||||
CVE-2006-6102 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 X Server | 2025-04-09 | 10.0 HIGH | N/A |
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | |||||
CVE-2006-5421 | 1 Wsn Forum | 1 Wsn Forum | 2025-04-09 | 7.5 HIGH | N/A |
WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability. | |||||
CVE-2007-0566 | 1 Asp News | 1 Asp News | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-7207 | 1 Ageet | 1 Agephone | 2025-04-09 | 10.0 HIGH | N/A |
Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors. | |||||
CVE-2007-0659 | 1 Modxcms | 1 Filedownload | 2025-04-09 | 7.5 HIGH | N/A |
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials. | |||||
CVE-2006-6855 | 1 Aidex | 1 Mini-webserver | 2025-04-09 | 5.0 MEDIUM | N/A |
AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-6638 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 5.0 MEDIUM | N/A |
IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. | |||||
CVE-2007-2681 | 1 B2evolution | 1 B2evolution | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter. |