Total: 29864 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5976 | 1 Drumster | 1 Blogme | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2150 | 1 Bluearc | 1 Titan | 2025-04-09 | 7.8 HIGH | N/A |
| BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | |||||
| CVE-2006-7036 | 1 Andys Chat | 1 Andys Chat | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated. | |||||
| CVE-2006-6029 | 1 Property Pro | 1 Property Pro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field. | |||||
| CVE-2006-6052 | 1 Netepi Case Manager | 1 Netepi Case Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2007-3688 | 1 Dotclear | 1 Dotclear | 2025-04-09 | 2.6 LOW | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages. | |||||
| CVE-2007-0655 | 1 Microworld Technologies | 1 Escan | 2025-04-09 | 10.0 HIGH | N/A |
| The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222. | |||||
| CVE-2007-0974 | 1 Ian Bezanson | 1 Dropbox | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0.0.4 beta have unknown impact and attack vectors, possibly related to a variable extraction vulnerability. | |||||
| CVE-2007-4521 | 1 Asterisk | 1 Asterisk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail. | |||||
| CVE-2007-4080 | 1 Alstrasoft | 1 E-friends | 2025-04-09 | 6.4 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564. | |||||
| CVE-2006-6368 | 1 Awrate | 1 Awrate | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php. | |||||
| CVE-2007-3092 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks. | |||||
| CVE-2007-1878 | 1 Parakey Inc. | 1 Firebug | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name. | |||||
| CVE-2007-0791 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1378 | 1 Php | 1 Php | 2025-04-09 | 5.1 MEDIUM | N/A |
| The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments. | |||||
| CVE-2007-1961 | 1 Phpbb | 1 Mutant | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-4397 | 6 Irssi, Kristof Korwisi, Mikachu and 3 more | 7 Irssi, Ixmmsa, L33t Xmms Music Showing Script and 4 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | |||||
| CVE-2009-1574 | 1 Ipsec-tools | 1 Ipsec-tools | 2025-04-09 | 5.0 MEDIUM | N/A |
| racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. | |||||
| CVE-2006-6641 | 5 Arcserve, Broadcom, Cleverpath and 2 more | 11 Brightstor, Cleverpath Portal, Aion Bpm and 8 more | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server. | |||||
| CVE-2007-0922 | 1 Radical Technologies | 1 Portal Search | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
