Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5463 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing. | |||||
| CVE-2007-4017 | 1 Citrix | 1 Access Gateway | 2025-04-09 | 7.6 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. | |||||
| CVE-2007-2474 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070. | |||||
| CVE-2007-0027 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption. | |||||
| CVE-2006-5110 | 1 Php Invoice | 1 Php Invoice | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-3486 | 1 Altavista | 1 Search Engine | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI. | |||||
| CVE-2006-7015 | 1 Jobline | 1 Jobline | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests | |||||
| CVE-2007-0810 | 1 Geeklog | 1 Geeklog | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog. | |||||
| CVE-2007-3809 | 1 Prozilla | 1 Prozilla Directory Script | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | |||||
| CVE-2007-0929 | 1 Guillaume Fontaine | 1 Php Rrd Browser | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter. | |||||
| CVE-2007-1749 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. | |||||
| CVE-2009-4412 | 1 S9y | 1 Serendipity | 2025-04-09 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1123 | 1 Zpanel | 1 Zpanel | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1059 | 1 Ultimate Fun Book | 1 Ultimate Fun Book | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error. | |||||
| CVE-2009-4451 | 1 Php.html | 1 Kandalf Upper | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upper.php in kandalf upper 0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in fileup/. | |||||
| CVE-2006-6093 | 1 Picturespro | 1 Picturespro Photo Cart | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters. | |||||
| CVE-2006-5778 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2025-04-09 | 4.6 MEDIUM | N/A |
| ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory. | |||||
| CVE-2007-2161 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
| CVE-2007-4113 | 1 Advanced Webhost Billing System | 1 Advanced Webhost Billing System | 2025-04-09 | 3.5 LOW | N/A |
| Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors. | |||||
| CVE-2006-6249 | 1 Chama Cargo | 1 Chama Cargo | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||