Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0919 | 1 Nickolas Grigoriadis | 1 Mini Web Server | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI. | |||||
| CVE-2006-6864 | 1 Enigma2 | 1 Coppermine Bridge | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. | |||||
| CVE-2006-6844 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. | |||||
| CVE-2007-2256 | 1 Tjschat | 1 Tjschat | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2006-4925 | 1 Openbsd | 1 Openssh | 2025-04-09 | 5.0 MEDIUM | N/A |
| packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL. | |||||
| CVE-2007-0096 | 1 Carbon Communities | 1 Carbon Communities | 2025-04-09 | 7.5 HIGH | N/A |
| CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. | |||||
| CVE-2007-0075 | 1 Aspbb | 1 Aspbb | 2025-04-09 | 7.5 HIGH | N/A |
| AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb. | |||||
| CVE-2006-6787 | 1 Mxmania | 1 Newsletter Mx | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-6087 | 1 My Little Homepage | 1 My Little Weblog | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2007-3341 | 1 Microsoft | 2 All Windows, Internet Explorer | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. | |||||
| CVE-2007-1479 | 1 Creative Guestbook | 1 Creative Guestbook | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | |||||
| CVE-2006-5305 | 1 Phpbb | 1 Lat2cyr | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-2169 | 1 Mozzers Subsystem | 1 Mozzers Subsystem | 2025-04-09 | 7.5 HIGH | N/A |
| Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php. | |||||
| CVE-2006-5452 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument. | |||||
| CVE-2007-4380 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.2 HIGH | N/A |
| Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer. | |||||
| CVE-2006-7042 | 1 Chipmunk Scripts | 1 Chipmunk Directory | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||||
| CVE-2006-6261 | 2 Microsoft, Quinnware | 7 Windows 2000, Windows 95, Windows 98 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields. | |||||
| CVE-2006-5869 | 1 Pstotext | 1 Pstotext | 2025-04-09 | 5.1 MEDIUM | N/A |
| pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name. | |||||
| CVE-2007-3199 | 1 American Financing | 1 Link Request Contact Form | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg. | |||||
| CVE-2006-5375 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03. | |||||