Total
29863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3647 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | 10.0 HIGH | N/A |
| The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3013 | 1 Activeweb | 1 Contentserver | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors. | |||||
| CVE-2007-0757 | 1 Miguel Nunes | 1 Call Of Duty 2 Dreamstats System | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. | |||||
| CVE-2006-6671 | 1 Maxiasp | 1 Burak Yilmaz Download Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1915 | 7 Apple, Hp, Ibm and 4 more | 10 Macos, Hp-ux, Tru64 and 7 more | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2007-1025 | 1 Virtualsystem | 1 Vs-link-partner | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter. | |||||
| CVE-2007-1834 | 1 Cisco | 2 Unified Callmanager, Unified Presence Server | 2025-04-09 | 7.8 HIGH | N/A |
| Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698. | |||||
| CVE-2007-1585 | 1 Linksys | 2 Wag200g, Wrt54gc | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5304 | 1 Inccms Technology | 1 Inccms Core | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | |||||
| CVE-2007-2290 | 1 Cafelog | 1 B2 | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466. | |||||
| CVE-2007-3002 | 1 Php Jackknife | 1 Php Jackknife | 2025-04-09 | 5.0 MEDIUM | N/A |
| PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages. | |||||
| CVE-2007-1706 | 1 Ewebquiz | 1 Ewebquiz | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter. | |||||
| CVE-2006-6588 | 1 Apache | 1 Ofbiz | 2025-04-09 | 7.5 HIGH | N/A |
| The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact. | |||||
| CVE-2008-6712 | 1 Ea | 1 Crysis | 2025-04-09 | 5.0 MEDIUM | N/A |
| The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference. | |||||
| CVE-2007-3726 | 1 Rarlab | 1 Unrar | 2025-04-09 | 4.3 MEDIUM | N/A |
| Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number. | |||||
| CVE-2007-3332 | 1 Php-nuke | 1 Satel Lite | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action. | |||||
| CVE-2006-6102 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 X Server | 2025-04-09 | 10.0 HIGH | N/A |
| Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | |||||
| CVE-2007-0760 | 1 Eqdkp | 1 Eqdkp | 2025-04-09 | 7.5 HIGH | N/A |
| EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer. | |||||
| CVE-2007-4018 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 6.8 MEDIUM | N/A |
| Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. | |||||
| CVE-2006-5950 | 1 Altools | 1 Alftp Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||