Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5933 | 1 Ultrasite | 1 Ultrasite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4530 | 1 Teamspeak | 1 Web Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html. | |||||
| CVE-2006-6643 | 1 Fightersoft Multimedia | 1 Star Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments. | |||||
| CVE-2007-0476 | 1 Gentoo | 1 Linux | 2025-04-09 | 4.6 MEDIUM | N/A |
| The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2007-3204 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7087 | 1 Dotdeb | 1 Dotdeb Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable. | |||||
| CVE-2007-1934 | 1 Php-nuke | 1 Eboard Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter. | |||||
| CVE-2007-6382 | 1 Robocode | 1 Robocode | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method. | |||||
| CVE-2006-6341 | 1 Mg.blattl | 1 Mg.applanix | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php. | |||||
| CVE-2007-0601 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-09 | 7.5 HIGH | N/A |
| common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays. | |||||
| CVE-2006-6381 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2007-3499 | 1 Slackroll | 1 Slackroll | 2025-04-09 | 6.4 MEDIUM | N/A |
| SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures. | |||||
| CVE-2007-2507 | 1 Treble Designs | 1 1024 Cms | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter. | |||||
| CVE-2006-7057 | 1 Sphider | 1 Sphider | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might be primary to CVE-2006-2506.2. | |||||
| CVE-2006-5664 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2025-04-09 | 4.6 MEDIUM | N/A |
| The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. | |||||
| CVE-2007-4406 | 1 Universal Ircd | 1 Ircu | 2025-04-09 | 7.5 HIGH | N/A |
| ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split. | |||||
| CVE-2006-6206 | 1 Warhound | 1 Warhound General Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in item.asp in WarHound General Shopping Cart allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
| CVE-2007-0881 | 1 Openi-cms Group | 1 Openi-cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750. | |||||
| CVE-2006-5391 | 1 Xfire | 1 Xfire | 2025-04-09 | 5.0 MEDIUM | N/A |
| Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777. | |||||
| CVE-2006-5589 | 1 Ledgersmb | 1 Ledgersmb | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm. | |||||