Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5415 | 1 News Defilante Horizontale | 1 News Defilante Horizontale | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1435 | 1 D-link | 1 Tftp Server | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4521 | 1 Asterisk | 1 Asterisk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail. | |||||
| CVE-2006-7055 | 1 Sweetphp | 1 Totalcalendar | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922. | |||||
| CVE-2006-6135 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831). | |||||
| CVE-2006-6039 | 1 Powie | 1 Php Matchmaker | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter. | |||||
| CVE-2006-5650 | 1 Aol | 1 Icq | 2025-04-09 | 7.5 HIGH | N/A |
| The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. | |||||
| CVE-2006-5603 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-0623 | 1 Maxdev | 1 Mdpro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. | |||||
| CVE-2007-0526 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php. | |||||
| CVE-2007-2300 | 1 Surat Kabar | 1 Phpwebnews | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php. | |||||
| CVE-2006-5189 | 1 Klinza | 1 Klinza Professional Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php in klinza professional cms 5.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appl[APPL] parameter. | |||||
| CVE-2007-0019 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. | |||||
| CVE-2007-1606 | 1 W-agora | 1 W-agora | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php. | |||||
| CVE-2006-6154 | 1 Hscripts | 1 Hiox Star Rating System Script | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | |||||
| CVE-2007-3398 | 1 Perception | 1 Liteweb | 2025-04-09 | 5.0 MEDIUM | N/A |
| LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages. | |||||
| CVE-2007-1782 | 1 Cruiseworks | 1 Cruiseworks | 2025-04-09 | 4.6 MEDIUM | N/A |
| CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-7201 | 1 Emc | 1 Rsa Security Sitekey | 2025-04-09 | 9.3 HIGH | N/A |
| EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP. | |||||
| CVE-2009-3006 | 1 Maxthon | 1 Maxthon Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
| Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. | |||||
| CVE-2007-4486 | 1 Linkliste | 1 Linkliste | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter. | |||||