Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6964 | 1 Mailenable | 1 Mailenable Professional | 2025-04-09 | 4.0 MEDIUM | N/A |
| MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. | |||||
| CVE-2007-2247 | 1 Phpmyspace | 1 Phpmyspace | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||||
| CVE-2007-2694 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-6551 | 1 Tucows | 1 Client Code Suite | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter. | |||||
| CVE-2007-0233 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
| wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress. | |||||
| CVE-2007-0549 | 1 212cafe | 1 212cafeboard | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-0278 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). | |||||
| CVE-2007-3440 | 1 Snom | 2 320 Sip Phone, Snom 320 Linux | 2025-04-09 | 6.4 MEDIUM | N/A |
| The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800. | |||||
| CVE-2007-3725 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 4.3 MEDIUM | N/A |
| The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference. | |||||
| CVE-2007-2482 | 1 Ruben Boelinger | 1 Wordtube | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter. | |||||
| CVE-2008-1353 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 4.3 MEDIUM | N/A |
| zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero. | |||||
| CVE-2006-5137 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts. | |||||
| CVE-2007-0611 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php. | |||||
| CVE-2006-3436 | 1 Microsoft | 1 .net Framework | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". | |||||
| CVE-2006-5241 | 1 Opendock | 1 Easy Gallery | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts. | |||||
| CVE-2006-4579 | 1 The Address Book | 1 The Address Book | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter. | |||||
| CVE-2007-0927 | 1 Utorrent | 1 Utorrent | 2025-04-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. | |||||
| CVE-2007-3535 | 1 Frank Karau | 1 Gl-sh Deaf Forum | 2025-04-09 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php. | |||||
| CVE-2007-4531 | 1 Michal Marcinkowski | 2 Soldat Dedicated Server, Soldat Game Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a client denial of service (crash) via (1) a long string to the file transfer port or (2) a long chat message, or (3) a server denial of service (continuous beep and slowdown) via a string containing many 0x07 or other control characters to the file transfer port. | |||||
| CVE-2007-4407 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | 6.4 MEDIUM | N/A |
| ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass. | |||||