Total
29858 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6069 | 1 Malbum | 1 Malbum | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter. | |||||
| CVE-2007-0239 | 1 Openoffice | 1 Openoffice | 2025-04-09 | 9.3 HIGH | N/A |
| OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. | |||||
| CVE-2006-7004 | 1 Php Script Tools | 1 Psy Auction | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5479 | 1 Novell | 1 Edirectory | 2025-04-09 | 5.0 MEDIUM | N/A |
| The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." | |||||
| CVE-2007-3518 | 1 Hispah | 1 Youtube Clone Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4251 | 1 Openoffice | 1 Openoffice | 2025-04-09 | 4.3 MEDIUM | N/A |
| OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. | |||||
| CVE-2007-3729 | 1 Hp | 1 Openvms | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames. | |||||
| CVE-2006-5835 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. | |||||
| CVE-2007-1976 | 1 Xoops | 1 Xoops Virii Info Module | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack | |||||
| CVE-2007-1239 | 1 Microsoft | 1 Excel | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference. | |||||
| CVE-2007-2988 | 1 Inout Scripts | 1 Inout Meta Search Engine | 2025-04-09 | 7.5 HIGH | N/A |
| A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php. | |||||
| CVE-2007-2433 | 1 Ariadne | 1 Ariadne Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3277 | 1 Wikindx | 1 Wikindx | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors. | |||||
| CVE-2008-1531 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2025-04-09 | 4.3 MEDIUM | N/A |
| The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. | |||||
| CVE-2009-1381 | 1 Squirrelmail | 3 Imap General.php, Squirrelmail, Squirrelmail1.4.19-1 | 2025-04-09 | 6.8 MEDIUM | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579. | |||||
| CVE-2007-2832 | 1 Cisco | 1 Call Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors. | |||||
| CVE-2007-0629 | 1 Plain Black | 1 Webgui | 2025-04-09 | 6.4 MEDIUM | N/A |
| The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4156 | 1 Woliocms | 1 Woliocms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php. | |||||
| CVE-2007-0303 | 1 Pancake.org | 1 Zina | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs." | |||||
| CVE-2006-6393 | 1 Jonas Gauffin | 1 Publicera | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function. | |||||