Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6742 | 1 Hp | 3 Ftp Print Server, Laserjet 5000, Laserjet 5100 | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command. | |||||
| CVE-2006-6920 | 1 Nucleus Cms | 1 Nucleus Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php. | |||||
| CVE-2006-5798 | 1 Xenis | 1 Xenis.creator Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter. | |||||
| CVE-2007-0543 | 1 Zixforum | 1 Zixforum | 2025-04-09 | 9.4 HIGH | N/A |
| ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions. | |||||
| CVE-2007-2347 | 2 Oneclick Cms, Sisplet Cms | 2 Oneclick Cms, Sisplet Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. | |||||
| CVE-2006-5844 | 1 Speedywiki | 1 Speedywiki | 2025-04-09 | 5.0 MEDIUM | N/A |
| Speedywiki 2.0 allows remote attackers to obtain the full path of the web server via the (1) showRevisions[] and (2) searchText[] parameters in (a) index.php, and (b) a direct request to upload.php without any parameters. | |||||
| CVE-2007-6304 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 5.0 MEDIUM | N/A |
| The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. | |||||
| CVE-2007-2089 | 1 Jx Development | 1 Article Component | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/. | |||||
| CVE-2006-5972 | 1 Netgear | 2 Wg111v2, Wg111v2 Driver | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request. | |||||
| CVE-2007-3483 | 1 Rim | 1 Blackberry Enterprise Server | 2025-04-09 | 10.0 HIGH | N/A |
| Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware. | |||||
| CVE-2007-1018 | 1 Virtualsystem | 1 Vs-news-system | 2025-04-09 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3942 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use | |||||
| CVE-2006-5743 | 1 Mobilesecure | 2 Highwall Endpoint, Highwall Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via (1) an Access Point with a crafted SSID, (2) the name of the sensor WIDS, (3) the name of the Highwall EndPoint workstation, or other unspecified vectors. | |||||
| CVE-2006-5791 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-09 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function. | |||||
| CVE-2006-7137 | 1 Tiny Portal | 1 Tiny Portal | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox. | |||||
| CVE-2007-0570 | 1 Johannes Gijsbers | 1 Ad Fundum Integratable News Script | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter. | |||||
| CVE-2007-1876 | 2 Microsoft, Vmware | 3 Windows 2003 Server, Windows Xp, Workstation | 2025-04-09 | 7.2 HIGH | N/A |
| VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction." | |||||
| CVE-2007-6358 | 1 Glyph And Cog | 1 Pdftops | 2025-04-09 | 4.9 MEDIUM | N/A |
| pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS. | |||||
| CVE-2007-3221 | 1 Xoops | 1 Xt-conteudo Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | |||||
| CVE-2007-1917 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||