Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6518 | 1 Scriptphp | 1 Pronews | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php. | |||||
| CVE-2007-2288 | 1 Doruk100.net | 1 Doruk100net | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2007-3450 | 1 Gorani Network | 1 6alblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1810 | 1 Kaotik | 1 Kshop | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0817 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. | |||||
| CVE-2006-6770 | 1 Jinzora | 1 Jinzora | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php. | |||||
| CVE-2006-5057 | 1 Ktools.net | 1 Photostore | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php. | |||||
| CVE-2006-5620 | 1 Minibill | 1 Minibill | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[page_dir] parameter, a different vector than CVE-2006-4489. | |||||
| CVE-2007-2663 | 1 Beacon | 1 Beacon | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter. | |||||
| CVE-2006-5533 | 1 Aroundme | 1 Aroundme | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.tpl.php and other unspecified PHP scripts, a different vector than CVE-2006-5401. | |||||
| CVE-2006-7173 | 1 Php-stats | 1 Php-stats | 2025-04-09 | 10.0 HIGH | N/A |
| Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php. | |||||
| CVE-2007-3930 | 2 Microsoft, Wiki | 2 Internet Explorer, Dokuwiki | 2025-04-09 | 4.3 MEDIUM | N/A |
| Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain. | |||||
| CVE-2006-6507 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error. | |||||
| CVE-2007-1914 | 1 Sap | 1 Rfc Library | 2025-04-09 | 7.8 HIGH | N/A |
| The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2006-6024 | 1 Qualcomm | 1 Eudora Worldmail | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. NOTE: Some of these details are obtained from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-1796 | 2 Comix, Redhat | 2 Comix, Fedora | 2025-04-09 | 4.9 MEDIUM | N/A |
| Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service. | |||||
| CVE-2006-6989 | 1 Netcaptor | 1 Netcaptor | 2025-04-09 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-6769 | 1 Php Live | 1 Php Live | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php. | |||||
| CVE-2007-0933 | 2 D-link, Microsoft | 2 Dwl-g650\+, Windows Xp | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element. | |||||
| CVE-2007-3905 | 1 Zoph | 1 Zoph | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php. | |||||