Total: 29562 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6045 | 1 Comdev | 1 Comdev One Admin Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php. | |||||
CVE-2006-5816 | 1 Dmitry Sheiko | 1 Business Card Web Builder | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder (BCWB) 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the root_path_admin parameter to (1) /include/startup.inc.php, (2) dcontent/default.css.php, or (3) system/default.css.php, different vectors than CVE-2006-4946. | |||||
CVE-2007-0909 | 2 Php, Trustix | 2 Php, Secure Linux | 2025-04-09 | 7.5 HIGH | N/A |
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. | |||||
CVE-2007-1338 | 1 Apple | 1 Airport Extreme | 2025-04-09 | 7.5 HIGH | N/A |
The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4. | |||||
CVE-2006-6224 | 1 Puntal | 1 Puntal | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array. | |||||
CVE-2007-3402 | 1 Pagetool | 1 Pagetool | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action. | |||||
CVE-2008-4728 | 1 Hummingbird | 1 Deployment Wizard | 2025-04-09 | 9.3 HIGH | N/A |
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders. | |||||
CVE-2006-6206 | 1 Warhound | 1 Warhound General Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in item.asp in WarHound General Shopping Cart allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
CVE-2007-1445 | 1 Betaparticle | 1 Betaparticle Blog | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the theme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter. | |||||
CVE-2007-0138 | 1 Fersch | 1 Formbankserver | 2025-04-09 | 5.0 MEDIUM | N/A |
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0977 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 7.1 HIGH | N/A |
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428. | |||||
CVE-2006-4513 | 1 Wvware | 1 Wvware | 2025-04-09 | 5.1 MEDIUM | N/A |
Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function. | |||||
CVE-2007-0296 | 1 Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 2.1 LOW | N/A |
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02. | |||||
CVE-2006-6647 | 1 Drupal | 1 Drupal Mysite | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. NOTE: some details were obtained from third party information. | |||||
CVE-2006-5058 | 1 Activision | 3 Call Of Duty, Call Of Duty 2, Call Of Duty United Offensive | 2025-04-09 | 7.5 HIGH | N/A |
Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command. | |||||
CVE-2007-1305 | 1 Savas Place | 1 Savas Guestbook | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters. | |||||
CVE-2007-0240 | 1 Zope | 1 Zope | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request. | |||||
CVE-2007-3664 | 1 Eltima Software | 1 Runservice | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Eltima Software RunService ActiveX control (RunService.dll) allow remote attackers to cause a denial of service via certain functions when "improperly used", as demonstrated by the AcceptControls subroutine. | |||||
CVE-2008-0061 | 1 Maradns | 1 Maradns | 2025-04-09 | 5.0 MEDIUM | N/A |
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records." | |||||
CVE-2007-0638 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2025-04-09 | 5.0 MEDIUM | N/A |
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter. |