Total
29866 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0148 | 1 Omnigroup | 1 Omniweb | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function. | |||||
| CVE-2006-6260 | 1 Redbinaria | 1 Siap Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Redbinaria Sistema Integrado de Administracion de Portales (SIAP) allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2007-0793 | 1 Globalmegacorp | 1 Dvddb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | |||||
| CVE-2006-5591 | 1 Pacos Drivers | 1 Pacpoll | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. | |||||
| CVE-2006-7101 | 1 Phpwind | 1 Phpwind | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie. | |||||
| CVE-2006-6583 | 1 Scriptmate | 1 User Manager | 2025-04-09 | 7.5 HIGH | N/A |
| ScriptMate User Manager 2.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors related to (1) the Logins box and (2) the Search box. | |||||
| CVE-2007-0584 | 1 G-neric | 1 Php Generic Library And Framework | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2007-1815 | 1 Xoops | 1 Library Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2006-5234 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable | |||||
| CVE-2007-2055 | 1 Afflib | 1 Afflib | 2025-04-09 | 7.5 HIGH | N/A |
| AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called. | |||||
| CVE-2006-5809 | 1 Jonathon J. Freeman | 1 Ovbb | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors. | |||||
| CVE-2007-2121 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02. | |||||
| CVE-2007-5890 | 1 Easygb | 1 Easygb | 2025-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5739 | 1 Leicestershire | 1 Communityportals | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. | |||||
| CVE-2007-4136 | 1 Redhat | 1 Conga | 2025-04-09 | 5.0 MEDIUM | N/A |
| The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections. | |||||
| CVE-2006-5318 | 1 Nayco | 1 Jasmine | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter. | |||||
| CVE-2007-4398 | 1 Irssi | 1 Irssi | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | |||||
| CVE-2006-5235 | 1 Dimension Of Phpbb | 1 Dimension Of Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-3282 | 1 Microsoft | 2 Office, Office Msodatasourcecontrol Activex | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method. | |||||
| CVE-2007-0324 | 1 Lizardtech | 1 Djvu Browser Plug-in | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||