Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3077 | 1 Eqdkp | 1 Eqdkp | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter. | |||||
| CVE-2007-1367 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. | |||||
| CVE-2006-5146 | 1 Yblog | 1 Yblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php. | |||||
| CVE-2007-2937 | 1 Troforum | 1 Troforum | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. | |||||
| CVE-2007-2382 | 1 Mad4milk | 1 Moo.fx | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2006-7131 | 1 Jinzora | 1 Jinzora | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter. | |||||
| CVE-2007-3666 | 1 Symantec | 1 Norton Ghost | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function. | |||||
| CVE-2007-2202 | 1 Acvsws | 1 Acvsws Php5 | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter. | |||||
| CVE-2006-5755 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task. | |||||
| CVE-2006-6724 | 1 Bolintech | 1 Dream Ftp Server | 2025-04-09 | 4.0 MEDIUM | N/A |
| BolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (application crash) via a certain invalid PORT command. | |||||
| CVE-2007-0625 | 1 Nomachine | 1 Nx Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service. | |||||
| CVE-2006-6823 | 1 Yrch | 1 Yrch | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-6391 | 1 Open Solution | 1 Quick.cart | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6818 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-09 | 7.5 HIGH | N/A |
| AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. | |||||
| CVE-2007-3071 | 1 Digital River | 1 Esellerate Sdk | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument. | |||||
| CVE-2007-0265 | 1 Ezboxx | 1 Portal System Beta | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp. | |||||
| CVE-2007-0405 | 1 Django Project | 1 Django | 2025-04-09 | 6.5 MEDIUM | N/A |
| The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user. | |||||
| CVE-2006-5458 | 1 Hinton Design | 1 Phpht Topsites | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter. | |||||
| CVE-2009-4332 | 1 Ibm | 1 Db2 | 2025-04-09 | 5.0 MEDIUM | N/A |
| db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. | |||||
| CVE-2008-1836 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 4.3 MEDIUM | N/A |
| The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read. | |||||