Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3446 | 1 Bugmall | 1 Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
| BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access. | |||||
| CVE-2006-4169 | 1 Squirrelmail | 1 Gpg Plugin | 2025-04-09 | 5.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. | |||||
| CVE-2007-0469 | 1 Rubyforge | 1 Rubygems | 2025-04-09 | 9.3 HIGH | N/A |
| The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages. | |||||
| CVE-2008-1312 | 1 Packettrap | 1 Pt360 Tool Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to cause a denial of service (daemon crash) via a long TFTP packet, a different vulnerability than CVE-2008-1311. | |||||
| CVE-2006-5493 | 1 Digitalhive | 1 Digitalhive | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2007-2472 | 1 Sendcard | 1 Sendcard | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the form parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0463 | 1 Apple | 1 Software Update | 2025-04-09 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type. | |||||
| CVE-2007-2105 | 1 Monkey Cms | 1 Monkey Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter. | |||||
| CVE-2007-2947 | 1 David Branco | 1 Openbase | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php. | |||||
| CVE-2006-6057 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function. | |||||
| CVE-2007-1172 | 1 Nukescripts | 1 Nukesentinel | 2025-04-09 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit." | |||||
| CVE-2006-5374 | 1 Oracle | 1 Pharmaceutical | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01. | |||||
| CVE-2006-7125 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics. | |||||
| CVE-2006-6840 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." | |||||
| CVE-2006-5009 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow. | |||||
| CVE-2007-1733 | 1 Intervations | 1 Navicopa Web Server | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112. | |||||
| CVE-2007-3170 | 1 Uebimiau | 1 Uebimiau | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. | |||||
| CVE-2007-3257 | 1 Gnome | 1 Evolution | 2025-04-09 | 6.8 MEDIUM | N/A |
| Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | |||||
| CVE-2006-5131 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-09 | 7.5 HIGH | N/A |
| module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php. | |||||
| CVE-2006-6782 | 1 Pnamazu | 1 Pnamazu | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||