Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0060 | 2 Broadcom, Ca | 24 Advantage Data Transport, Brightstor Portal, Brightstor San Manager and 21 more | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. | |||||
| CVE-2006-6799 | 1 The Cacti Group | 1 Cacti | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. | |||||
| CVE-2006-6688 | 1 Web-app.net | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
| Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET) allows remote attackers to bypass filtering mechanisms via unknown vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7009 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. | |||||
| CVE-2007-3827 | 1 Mozilla | 1 Firefox | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window. | |||||
| CVE-2008-6660 | 1 Ozerov | 1 Bigdump | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2608 | 1 Miplex2 | 1 Miplex2 | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter. | |||||
| CVE-2007-0332 | 1 Xentraz | 1 Liens Dynamiques | 2025-04-09 | 7.5 HIGH | N/A |
| (1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request. | |||||
| CVE-2007-0565 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2025-04-09 | 7.5 HIGH | N/A |
| CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors. | |||||
| CVE-2006-6197 | 1 B2evolution | 1 B2evolution | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. | |||||
| CVE-2007-0996 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.8 MEDIUM | N/A |
| The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | |||||
| CVE-2007-3579 | 1 Phpids | 1 Phpids | 2025-04-09 | 4.3 MEDIUM | N/A |
| PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. | |||||
| CVE-2007-1412 | 1 Php | 1 Php | 2025-04-09 | 7.8 HIGH | N/A |
| The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument. | |||||
| CVE-2006-6480 | 1 Scriptphp | 1 Annoncescripthp | 2025-04-09 | 5.0 MEDIUM | N/A |
| admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows remote attackers to obtain sensitive information via the idmembre parameter, which discloses the passwords for arbitrary users. | |||||
| CVE-2007-2411 | 1 Sphider | 1 Sphider | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue. | |||||
| CVE-2006-6598 | 1 Torrentflux | 2 Torrentflux, Torrentflux-b4rt | 2025-04-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328. | |||||
| CVE-2006-5571 | 1 Kynoslogic | 1 Cruiseworks | 2025-04-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter. | |||||
| CVE-2007-1572 | 1 Sourceforge | 1 Jgbbs | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0975 | 1 Double-take Software | 1 Double-take | 2025-04-09 | 5.0 MEDIUM | N/A |
| Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector<T> value. | |||||
| CVE-2007-4263 | 1 Cisco | 1 Ios | 2025-04-09 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. | |||||