Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6612 | 1 Phpmycms | 1 Phpmycms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter. | |||||
| CVE-2006-5127 | 1 Conpresso | 1 Conpresso Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php. | |||||
| CVE-2007-1494 | 1 Nukescripts | 1 Nukesentinel | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://". | |||||
| CVE-2007-2247 | 1 Phpmyspace | 1 Phpmyspace | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||||
| CVE-2006-7007 | 1 H. Nomura | 1 Tiny Ftpd | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133. | |||||
| CVE-2006-6286 | 1 Palm | 1 Palm Desktop | 2025-04-09 | 1.7 LOW | N/A |
| Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4432 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2025-04-09 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | |||||
| CVE-2006-5046 | 1 Joomla | 1 Rs Gallery2 | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files." | |||||
| CVE-2006-7075 | 1 Aqualung | 1 Aqualung | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file. | |||||
| CVE-2007-3076 | 1 Zenturi | 1 Zenturi Programchecker | 2025-04-09 | 7.8 HIGH | N/A |
| A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function. | |||||
| CVE-2007-4059 | 1 Vmware | 1 Workstation | 2025-04-09 | 5.8 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method. | |||||
| CVE-2007-0805 | 1 Hp | 1 Tru64 | 2025-04-09 | 2.1 LOW | N/A |
| The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. | |||||
| CVE-2006-5976 | 1 Drumster | 1 Blogme | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3630 | 1 Av Scripts | 1 Av Tutorial Script | 2025-04-09 | 6.4 MEDIUM | N/A |
| changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter. | |||||
| CVE-2007-3129 | 1 Utopia Software | 1 Utopia News Pro | 2025-04-09 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter. | |||||
| CVE-2007-1805 | 1 Myxoops | 1 Debaser | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter. | |||||
| CVE-2007-1226 | 1 Mcafee | 1 Virex | 2025-04-09 | 4.1 MEDIUM | N/A |
| McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. | |||||
| CVE-2007-0849 | 1 Syscp Team | 1 Syscp | 2025-04-09 | 7.2 HIGH | N/A |
| scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568. | |||||
| CVE-2007-0076 | 1 2enetworx | 1 Openforum | 2025-04-09 | 7.5 HIGH | N/A |
| Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb. | |||||
| CVE-2007-4888 | 1 Xwiki | 1 Xwiki | 2025-04-09 | 3.5 LOW | N/A |
| The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable. | |||||