Total: 29858 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3974 | 1 Jblog | 1 Jblog | 2025-04-09 | 7.5 HIGH | N/A |
| admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters. | |||||
| CVE-2006-6673 | 1 Winftp Server | 1 Winftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands. | |||||
| CVE-2007-2502 | 1 Hp | 1 Procurve Switch 9300m | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015. | |||||
| CVE-2007-0799 | 1 Uapplication | 1 Ublog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-5887 | 1 Dynamic Dataworx | 1 Nuschool | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. | |||||
| CVE-2007-0975 | 1 Apache Stats | 1 Apache Stats | 2025-04-09 | 5.0 MEDIUM | N/A |
| Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array. | |||||
| CVE-2009-0318 | 1 Gnome | 1 Gnumeric | 2025-04-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2007-2964 | 1 F-secure | 1 Policy Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. | |||||
| CVE-2006-5371 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Email Center component in Oracle E-Business Suite 11.5.9 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS07. | |||||
| CVE-2006-5447 | 1 Dev | 1 Dev Web Management System | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2007-2805 | 1 Clientexec | 1 Clientexec | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters. | |||||
| CVE-2007-4322 | 1 Ac Zoom | 1 Blockhosts | 2025-04-09 | 6.8 MEDIUM | N/A |
| BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765. | |||||
| CVE-2007-3955 | 1 Linkedin | 1 Toolbar | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2060 | 1 Wizz Computers | 1 Wizz Rss Reader | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM. | |||||
| CVE-2009-3884 | 1 Sun | 2 Jre, Openjdk | 2025-04-09 | 5.0 MEDIUM | N/A |
| The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. | |||||
| CVE-2007-3577 | 1 Phpids | 1 Phpids | 2025-04-09 | 4.3 MEDIUM | N/A |
| PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script. | |||||
| CVE-2008-7168 | 1 Uusee | 2 Uusee, Uuupgrade.ocx | 2025-04-09 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009. | |||||
| CVE-2006-5154 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter. | |||||
| CVE-2006-6414 | 1 Dol Storye | 1 Dol Storye | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye allow remote attackers to execute arbitrary SQL commands via the (1) id_doc or (2) id_aut parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3236 | 1 Xoops | 1 Horoscope Module | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | |||||
