Total: 29864 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5067 | 1 Php System Administration Toolkit | 1 Php System Administration Toolkit | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in loader.php in PHP System Administration Toolkit (PHPSaTK) allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config] parameter. NOTE: this issue is disputed by CVE; analysis shows that the GLOBALS[config] variable is initialized before being used | |||||
| CVE-2006-6469 | 1 Xerox | 1 Workcentre | 2025-04-09 | 5.8 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port (5432/tcp), which has unknown impact and remote attack vectors, probably related to unauthorized connections to a PostgreSQL daemon. | |||||
| CVE-2007-0973 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action. | |||||
| CVE-2006-5218 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2025-04-09 | 4.6 MEDIUM | N/A |
| Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl. | |||||
| CVE-2006-5020 | 1 Solidstate | 1 Solidstate | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php. | |||||
| CVE-2007-3080 | 1 Hunkaray Okul | 1 Portaly | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1698 | 1 Philex | 1 Philex | 2025-04-09 | 5.0 MEDIUM | N/A |
| download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. | |||||
| CVE-2006-4691 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname. | |||||
| CVE-2007-0924 | 1 Till Gerken | 1 Phppolls | 2025-04-09 | 7.5 HIGH | N/A |
| Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764. | |||||
| CVE-2006-5932 | 1 Kahua | 1 Kahua | 2025-04-09 | 7.5 HIGH | N/A |
| Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts. | |||||
| CVE-2007-1756 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability". | |||||
| CVE-2008-0294 | 1 Freeseat | 1 Freeseat | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors. | |||||
| CVE-2006-6566 | 1 Mxbb | 1 Mxbb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2007-3819 | 1 Opera | 1 Opera Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | |||||
| CVE-2007-2717 | 1 Igeneric | 1 Ig Shop | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. | |||||
| CVE-2007-2304 | 1 Qdblog | 1 Qdblog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files. | |||||
| CVE-2007-3111 | 2 Microsoft, Provideo | 3 Internet Explorer, Windows 2000, Camimage Activex Control | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value. | |||||
| CVE-2007-1702 | 1 Mambo | 1 Flatmenu | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-2250 | 1 Phorum | 1 Phorum | 2025-04-09 | 5.0 MEDIUM | N/A |
| admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter. | |||||
| CVE-2007-2032 | 1 Cisco | 1 Wireless Control System | 2025-04-09 | 7.5 HIGH | N/A |
| Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. | |||||
