Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5312 | 1 Phpbb | 1 Ajax Shoutbox | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Shoutbox 0.0.5 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5623 | 1 Ee Tool | 1 Ee Tool | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter. | |||||
| CVE-2009-3004 | 1 Avant Force | 1 Avant Browser | 2025-04-09 | 4.3 MEDIUM | N/A |
| Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. | |||||
| CVE-2007-2620 | 1 Jakub Steiner | 1 Original | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter. | |||||
| CVE-2007-4624 | 1 Abledesign | 1 Dynamic Picture Frame | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4067 | 1 Clever Components | 1 Internet Activex Suite | 2025-04-09 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3475 | 1 Gd Graphics Library | 1 Gdlib | 2025-04-09 | 4.3 MEDIUM | N/A |
| The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. | |||||
| CVE-2008-6512 | 1 Google | 1 Gears | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain. | |||||
| CVE-2007-2758 | 1 Winimage | 1 Winimage | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal. | |||||
| CVE-2006-5737 | 1 Punbb | 1 Punbb | 2025-04-09 | 7.2 HIGH | N/A |
| PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions. | |||||
| CVE-2007-4437 | 1 Ampache | 1 Ampache | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information. | |||||
| CVE-2006-6463 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root. | |||||
| CVE-2007-2309 | 1 Flowers | 1 Flowers | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5347 | 1 Oracle | 1 Http Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS04. | |||||
| CVE-2006-5782 | 1 Hp | 1 Openview Client Configuraton Manager | 2025-04-09 | 7.8 HIGH | N/A |
| radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not require authentication before executing commands in the installation directory, which allows remote attackers to cause a denial of service (reboot) by calling radbootw.exe or create arbitrary files by calling radcrecv. | |||||
| CVE-2006-4577 | 1 The Address Book | 1 The Address Book | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php. | |||||
| CVE-2007-3920 | 3 Compiz, Gnome, Ubuntu | 3 Compiz, Screensaver, Ubuntu Linux | 2025-04-09 | 6.2 MEDIUM | N/A |
| GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | |||||
| CVE-2007-3660 | 1 Nonnoi Solutions | 1 Asp Barcode | 2025-04-09 | 7.5 HIGH | N/A |
| The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function. | |||||
| CVE-2006-5537 | 1 D-link | 1 Dsl-g624t | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. | |||||
| CVE-2007-1485 | 1 Ftplib | 1 Ftplib | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments | |||||