Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0911 | 1 Php | 1 Php | 2025-04-09 | 7.8 HIGH | N/A |
| Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). | |||||
| CVE-2007-4377 | 1 Netwin | 1 Surgemail | 2025-04-09 | 6.0 MEDIUM | N/A |
| Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372. | |||||
| CVE-2007-0400 | 1 Easebay Resources | 1 Login Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2006-5932 | 1 Kahua | 1 Kahua | 2025-04-09 | 7.5 HIGH | N/A |
| Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts. | |||||
| CVE-2006-5154 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter. | |||||
| CVE-2006-5898 | 1 Phpheaven | 1 Phpmychat | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in localization/languages.lib.php3 in PhpMyChat 0.14.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter. | |||||
| CVE-2006-6189 | 1 Clicktech | 1 Clickblog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter. | |||||
| CVE-2007-1504 | 1 Fujitsu | 2 Interstage Application Server, Interstage Apworks | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes. | |||||
| CVE-2007-0507 | 1 Drupal | 1 Acidfree | 2025-04-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. | |||||
| CVE-2007-0307 | 1 Poplar Gedcom Viewer | 1 Poplar Gedcom Viewer | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter. | |||||
| CVE-2006-4251 | 1 Powerdns | 1 Recursor | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length. | |||||
| CVE-2007-3519 | 1 Wesmo | 1 Phpeventcalendar | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6441 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | 4.6 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive. | |||||
| CVE-2008-0299 | 1 Python Software Foundation | 1 Paramiko | 2025-04-09 | 4.3 MEDIUM | N/A |
| common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. | |||||
| CVE-2009-3884 | 1 Sun | 2 Jre, Openjdk | 2025-04-09 | 5.0 MEDIUM | N/A |
| The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. | |||||
| CVE-2007-4357 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified. | |||||
| CVE-2006-5800 | 1 Xenis | 1 Xenis.creator Cms | 2025-04-09 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1421 | 1 Premod Subdog | 1 Premod Subdog | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/. | |||||
| CVE-2007-0672 | 2 Broadcom, Ca | 5 Brightstor Arcserve Backup Laptops Desktops, Business Protection Suite, Desktop Management Suite and 2 more | 2025-04-09 | 7.8 HIGH | N/A |
| LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\. | |||||
| CVE-2006-5414 | 1 Barry Nauta | 1 Brim | 2025-04-09 | 5.0 MEDIUM | N/A |
| Barry Nauta BRIM before 1.2.1 allows remote authenticated users to read information from other users via a modified URL. | |||||