Total: 29862 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5893 | 1 Iwonder Designs | 1 Storystream | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/. | |||||
| CVE-2007-2643 | 1 Pinkcrow Designs | 1 Designs Gallery Magazin | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | |||||
| CVE-2007-1361 | 1 Virtuemart | 1 Virtuemart | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376. | |||||
| CVE-2006-5734 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404. | |||||
| CVE-2007-2892 | 1 Asp-nuke | 1 Asp-nuke | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4270 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 6.9 MEDIUM | N/A |
| Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files. | |||||
| CVE-2007-0815 | 1 Uapplication | 1 Uphotogallery | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023. | |||||
| CVE-2007-0560 | 1 Asp Edge | 1 Asp Edge | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2007-1943 | 1 Acd Systems | 1 Acdsee Photo Manager | 2025-04-09 | 9.3 HIGH | N/A |
| Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp. | |||||
| CVE-2007-0053 | 1 Asp Siteware | 1 Autodealer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. | |||||
| CVE-2006-6245 | 1 Photo Organizer | 1 Photo Organizer | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6803 | 1 Enthrallweb | 1 Ecars | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter. | |||||
| CVE-2007-3195 | 1 Erfan Wiki | 1 Erfan Wiki | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6528 | 1 Drupal | 1 Chatroom Module | 2025-04-09 | 7.5 HIGH | N/A |
| The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. | |||||
| CVE-2007-1544 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2025-04-09 | 5.0 MEDIUM | N/A |
| Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. | |||||
| CVE-2006-7165 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs." | |||||
| CVE-2007-6718 | 1 Mplayer | 1 Mplayer | 2025-04-09 | 4.3 MEDIUM | N/A |
| MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486. | |||||
| CVE-2007-2211 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action. | |||||
| CVE-2007-1168 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 7.5 HIGH | N/A |
| Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp). | |||||
| CVE-2007-2429 | 1 Manageengine | 1 Passwordmanager Pro | 2025-04-09 | 10.0 HIGH | N/A |
| ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
