Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7184 | 1 Photography-on-the-net | 1 Exhibit Engine 2 | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2817 | 1 Ol Bookmarks | 1 Ol Bookmarks | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6569 | 1 Genesistrader | 1 Genesistrader | 2025-04-09 | 7.8 HIGH | N/A |
| form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter. | |||||
| CVE-2007-4212 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag. | |||||
| CVE-2006-6519 | 1 Scriptphp | 1 Pronews | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | |||||
| CVE-2007-0628 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3570 | 1 Novell | 1 Access Manager | 2025-04-09 | 7.5 HIGH | N/A |
| The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. | |||||
| CVE-2006-5056 | 1 Opial | 1 Opial Audio Video Download Management | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view. | |||||
| CVE-2007-0328 | 1 Macrovision | 2 Flexnet Connect, Update Service | 2025-04-09 | 9.3 HIGH | N/A |
| The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method. | |||||
| CVE-2006-5156 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. | |||||
| CVE-2007-3371 | 1 Powl | 1 Powl | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter. | |||||
| CVE-2006-5218 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2025-04-09 | 4.6 MEDIUM | N/A |
| Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl. | |||||
| CVE-2007-1766 | 1 Msxstudios | 1 Advanced Login | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2007-4177 | 1 Interact | 1 Interact | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328. | |||||
| CVE-2007-2174 | 1 Checkpoint | 1 Zonealarm | 2025-04-09 | 7.2 HIGH | N/A |
| The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses. | |||||
| CVE-2007-3087 | 1 Peercast | 1 Peercast | 2025-04-09 | 7.8 HIGH | N/A |
| Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information. | |||||
| CVE-2006-6090 | 1 Baalasp | 1 Smart Form Portal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp. | |||||
| CVE-2006-6995 | 1 V3 Chat | 1 V3chat Instant Messenger | 2025-04-09 | 6.0 MEDIUM | N/A |
| mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter. | |||||
| CVE-2009-2974 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
| Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property. | |||||
| CVE-2007-4042 | 2 Microsoft, Netscape | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | |||||