Total
29858 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3976 | 1 Bwired | 1 Bwired | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter. | |||||
| CVE-2006-5653 | 1 Sun | 1 Java System Messenger Express | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned. | |||||
| CVE-2007-2994 | 1 Dian Gemilang | 1 Dgnews | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693. | |||||
| CVE-2007-2159 | 1 Drupal | 1 Database Administration Module | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface. | |||||
| CVE-2006-6286 | 1 Palm | 1 Palm Desktop | 2025-04-09 | 1.7 LOW | N/A |
| Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2986 | 1 Nexen | 1 Adminbot Mx | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter. | |||||
| CVE-2007-3730 | 1 Hp | 1 Openvms | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification. | |||||
| CVE-2006-6557 | 1 Skulls | 1 Skulls | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unknown impact and attack vectors, as addressed by "Many security fixes." | |||||
| CVE-2009-3932 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
| The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state." | |||||
| CVE-2006-5740 | 1 Wireshark | 1 Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet. | |||||
| CVE-2007-2776 | 1 Alstrasoft | 1 Template Seller | 2025-04-09 | 10.0 HIGH | N/A |
| AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | |||||
| CVE-2007-1928 | 1 Witshare | 1 Witshare | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter. | |||||
| CVE-2006-6531 | 1 Drupal | 1 Help Tip Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. | |||||
| CVE-2007-4387 | 1 2wire | 2 1701hg Router, 2071 Router | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. | |||||
| CVE-2007-0915 | 1 Hp | 1 Hp-ux | 2025-04-09 | 10.0 HIGH | N/A |
| Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request. | |||||
| CVE-2007-0211 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware." | |||||
| CVE-2007-4052 | 1 Nukedit | 1 Nukedit | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6459 | 1 Phpbb | 1 Toplist | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action). | |||||
| CVE-2006-5661 | 1 Virtech | 1 Netquery | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
| CVE-2007-1578 | 1 Atrium Software | 1 Mercur Imapd | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow. | |||||