Total: 29864 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3461 | 1 Elkagroup | 1 Image Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2006-6553 | 1 Mxbb | 1 Mxbb Newssuite | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | |||||
| CVE-2007-0694 | 1 Dian Gemilang | 1 Dgnews | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter. | |||||
| CVE-2007-2542 | 1 Workbench Survival Guide | 1 Workbench Survival Guide | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-1956 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter. | |||||
| CVE-2006-5663 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2025-04-09 | 4.6 MEDIUM | N/A |
| IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. | |||||
| CVE-2007-0151 | 1 Mitisoft | 1 Mitisoft | 2025-04-09 | 7.5 HIGH | N/A |
| MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb. | |||||
| CVE-2006-6440 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to "HTTP Security issues." | |||||
| CVE-2006-7078 | 1 Professional Home Page Tools Login Script | 1 Professional Home Page Tools Login Script | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources. | |||||
| CVE-2007-0485 | 1 Webchat.org | 1 Webchat | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter. | |||||
| CVE-2007-0785 | 1 Flipsource | 1 Flip | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | |||||
| CVE-2007-2368 | 1 Webspell | 1 Webspell | 2025-04-09 | 5.0 MEDIUM | N/A |
| picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter. | |||||
| CVE-2007-4091 | 1 Rsync | 1 Rsync | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. | |||||
| CVE-2007-0006 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 1.9 LOW | N/A |
| The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion." | |||||
| CVE-2007-3775 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. | |||||
| CVE-2008-0852 | 1 Freesshd | 1 Freesshd | 2025-04-09 | 5.0 MEDIUM | N/A |
| freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference. | |||||
| CVE-2007-2008 | 1 Pl-php | 1 Pl-php | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-2641 | 1 W1l3d4 | 1 Philboard | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter, a different vector than CVE-2007-0920. | |||||
| CVE-2007-0448 | 1 Php | 1 Php | 2025-04-09 | 10.0 HIGH | N/A |
| The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. | |||||
| CVE-2006-6229 | 1 Codewalkers | 1 Ltwcalendar | 2025-04-09 | 5.0 MEDIUM | N/A |
| Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file. | |||||
