Total
29561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4824 | 1 Google | 1 Picasa | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||||
| CVE-2006-5665 | 1 Spider Friendly | 1 Spider Friendly | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-3569 | 1 Softlink Europe | 1 Oliver Library Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on. | |||||
| CVE-2007-4028 | 1 Webspell | 1 Webspell | 2025-04-09 | 7.5 HIGH | N/A |
| Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6468 | 1 Xerox | 1 Workcentre | 2025-04-09 | 5.8 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a "Validate Repository SSL Certificate" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates. | |||||
| CVE-2007-3094 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server. | |||||
| CVE-2007-0929 | 1 Guillaume Fontaine | 1 Php Rrd Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter. | |||||
| CVE-2006-7120 | 1 Osu Open Source Lab | 1 Maintain | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php | |||||
| CVE-2007-1633 | 1 Giorgio Ciranni | 1 Splatt Forum | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php. | |||||
| CVE-2007-0561 | 1 Xero Portal | 1 Xero Portal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/. | |||||
| CVE-2007-4499 | 1 American Financing | 1 Email Image Upload | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5249 | 1 Tagit | 1 Tagboard | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter. | |||||
| CVE-2007-0361 | 1 Comscripts | 1 Phpmyphorum | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter. | |||||
| CVE-2007-3226 | 1 Dotproject | 1 Dotproject | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240. | |||||
| CVE-2006-5926 | 1 Vallheru | 1 Vallheru | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2483 | 1 Ruben Boelinger | 1 Wp-table | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the wpPATH parameter. | |||||
| CVE-2007-0484 | 1 Enthusiast | 1 Enthusiast | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1926 | 1 Jbmc Software | 1 Directadmin | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files. | |||||
| CVE-2006-4404 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
| The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. | |||||
| CVE-2007-2250 | 1 Phorum | 1 Phorum | 2025-04-09 | 5.0 MEDIUM | N/A |
| admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter. | |||||