Total
29866 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2545 | 1 Persism Cms | 1 Persism Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/. | |||||
| CVE-2006-6995 | 1 V3 Chat | 1 V3chat Instant Messenger | 2025-04-09 | 6.0 MEDIUM | N/A |
| mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter. | |||||
| CVE-2007-1543 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection. | |||||
| CVE-2009-3572 | 1 Openbsd | 1 Openbsd | 2025-04-09 | 4.9 MEDIUM | N/A |
| OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors. | |||||
| CVE-2007-2282 | 1 Cisco | 1 Netflow Collection Engine | 2025-04-09 | 10.0 HIGH | N/A |
| Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system. | |||||
| CVE-2006-6365 | 1 Duware | 1 Dupaypal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047. | |||||
| CVE-2007-2366 | 1 Corel | 1 Paint Shop Pro | 2025-04-09 | 7.4 HIGH | N/A |
| Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | |||||
| CVE-2007-2737 | 1 Xoops | 1 Myconference Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6980 | 1 Magnatune.com | 1 Album Browser | 2025-04-09 | 2.6 LOW | N/A |
| The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2007-1197 | 1 Epiware | 1 Epiware | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues. | |||||
| CVE-2007-1054 | 1 Mediawiki | 1 Mediawiki | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer. | |||||
| CVE-2007-1040 | 1 Xpression News | 1 Xpression News | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. | |||||
| CVE-2006-6759 | 1 Realnetworks | 1 Realplayer | 2025-04-09 | 5.0 MEDIUM | N/A |
| A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments. | |||||
| CVE-2006-6630 | 1 Ibiblio | 1 Osprey | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | |||||
| CVE-2008-1319 | 1 Versant | 1 Versant Object Database | 2025-04-09 | 9.3 HIGH | N/A |
| Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field. | |||||
| CVE-2007-1422 | 1 Duyuru Scripti | 1 Duyuru Scripti | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688. | |||||
| CVE-2006-5708 | 1 Alt-n | 1 Mdaemon | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks. | |||||
| CVE-2006-5931 | 1 Aigaion | 1 Aigaion | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-7091 | 1 Hinton Design | 1 Phpht Topsites Free | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7179 | 1 Madwifi | 1 Madwifi | 2025-04-09 | 7.8 HIGH | N/A |
| ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. | |||||