Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6892 | 1 Jonathon Freeman | 1 Ovbb | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest variable. | |||||
| CVE-2007-2419 | 1 Macrovision | 2 Flexnet Connect, Update Service | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328. | |||||
| CVE-2007-1602 | 1 Weekly Drawing Contest | 1 Weekly Drawing Contest | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2006-6343 | 1 Neocrome | 1 Seditio | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6974 | 1 Headstart Solutions | 1 Deskpro | 2025-04-09 | 7.5 HIGH | N/A |
| Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/. | |||||
| CVE-2007-2712 | 1 Mh Software | 1 Connect Daily | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors. | |||||
| CVE-2007-4115 | 1 Itcms | 1 Itcms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php. | |||||
| CVE-2007-2369 | 2 Php, Webspell | 2 Php, Webspell | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2006-4251 | 1 Powerdns | 1 Recursor | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length. | |||||
| CVE-2007-2345 | 1 Codewand | 1 Phpbrowse | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2007-4027 | 1 Areca | 1 Cli | 2025-04-09 | 6.6 MEDIUM | N/A |
| Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid. | |||||
| CVE-2006-7110 | 1 Drupal | 1 Imce Module | 2025-04-09 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences. | |||||
| CVE-2006-5383 | 1 Def-blog | 1 Def-blog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. | |||||
| CVE-2007-2208 | 1 Extreme Phpbb | 1 Extreme Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/. | |||||
| CVE-2006-6923 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter. | |||||
| CVE-2009-0667 | 1 Ocsinventory-ng | 2 Ocs Inventory Ng, Ocsinventory-agent | 2025-04-09 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory. | |||||
| CVE-2008-0716 | 1 Symantec | 1 Altiris Notification Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack. | |||||
| CVE-2006-4809 | 1 Enlightenment | 1 Imlib2 | 2025-04-09 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image. | |||||
| CVE-2007-1339 | 1 Monitor-line | 1 Links Management | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter. | |||||
| CVE-2007-3330 | 1 Stphp | 1 Easynews | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization. | |||||