Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6190 | 1 Anna Irc Bot | 1 Anna\^ Irc Bot | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: it is possible that there are multiple issues. | |||||
| CVE-2007-0290 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 5.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06). | |||||
| CVE-2007-2462 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors. | |||||
| CVE-2007-2596 | 1 Agner Fog | 1 Aforum | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter. | |||||
| CVE-2006-5160 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.8 HIGH | 8.1 HIGH |
| Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. | |||||
| CVE-2007-4356 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file. | |||||
| CVE-2007-0384 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-7200 | 1 Emc | 1 Rsa Security Sitekey | 2025-04-09 | 9.0 HIGH | N/A |
| EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token. | |||||
| CVE-2007-3402 | 1 Pagetool | 1 Pagetool | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action. | |||||
| CVE-2006-6834 | 1 Joomla | 1 Joomla | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." | |||||
| CVE-2006-5030 | 1 Exv2 | 1 Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2007-0851 | 1 Trend Micro | 23 Client-server-messaging Suite Smb, Client-server Suite Smb, Control Manager and 20 more | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. | |||||
| CVE-2007-2173 | 2 Double Precision Incorporated, Gentoo | 2 Courier-imap, Linux | 2025-04-09 | 10.0 HIGH | N/A |
| Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | |||||
| CVE-2006-5367 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology Stack, and (3) APPS05 in Oracle Balanced Scorecard, (4) APPS09 in Oracle Scripting, and (5) APPS10 in Oracle Trading Community. | |||||
| CVE-2007-2564 | 1 Sienzo | 1 Digital Music Mentor | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function. | |||||
| CVE-2006-6149 | 1 Jiros | 1 Faq Manager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter. | |||||
| CVE-2007-3534 | 1 Daniel Toma | 1 Webchat | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter. | |||||
| CVE-2007-1628 | 1 Studiewijzer | 1 Studiewijzer | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_display.inc.php, or (10) dash_browse.inc.php in methodology/traditional/ui/inc/; (11) spl.webservice.php or (12) konfabulator/gateway_admin.php in ws/; or other unspecified files. | |||||
| CVE-2007-1998 | 1 Hiox India | 1 Guest Book | 2025-04-09 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php. | |||||
| CVE-2007-1289 | 1 Tyger | 1 Bug Tracking System | 2025-04-09 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter. | |||||