Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5475 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | |||||
| CVE-2007-3818 | 1 Drupal | 1 Logintoboggan Module | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block." | |||||
| CVE-2009-0217 | 3 Ibm, Mono Project, Oracle | 5 Websphere Application Server, Mono, Application Server and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. | |||||
| CVE-2007-3361 | 1 Nortel | 1 Pc Client Soft Phone Sip | 2025-04-09 | 7.8 HIGH | N/A |
| The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header. | |||||
| CVE-2007-2773 | 1 Zomplog | 1 Zomplog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter. | |||||
| CVE-2006-5590 | 1 Articlebeach | 1 Articlebeach Script | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in ArticleBeach Script 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-6479 | 1 Scriptphp | 1 Annoncescripthp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php. | |||||
| CVE-2006-5430 | 1 Db-central | 2 Cms, Enterprise Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search functionality in db-central (dbc) Enterprise CMS and db-central CMS allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-1183 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
| WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. | |||||
| CVE-2006-7155 | 1 Novell | 1 Bordermanager | 2025-04-09 | 7.5 HIGH | N/A |
| Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286. | |||||
| CVE-2007-1982 | 1 Really Simple Php And Ajax | 1 Really Simple Php And Ajax | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php. | |||||
| CVE-2007-3359 | 1 Iptel | 1 Serweb | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1942 | 1 Faststone | 1 Image Viewer | 2025-04-09 | 9.3 HIGH | N/A |
| Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp. | |||||
| CVE-2007-0156 | 1 M-core | 1 M-core | 2025-04-09 | 7.5 HIGH | N/A |
| M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb. | |||||
| CVE-2006-6372 | 1 James Barnsley | 1 Jab Guest Book | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2881 | 1 Sun | 1 Java System Web Proxy Server | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. | |||||
| CVE-2008-0441 | 1 Ibm | 1 Tivoli Business Service Manager | 2025-04-09 | 2.1 LOW | N/A |
| IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information. | |||||
| CVE-2007-0414 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages. | |||||
| CVE-2006-5397 | 1 X.org | 1 Libx11 | 2025-04-09 | 2.1 LOW | N/A |
| The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor. | |||||
| CVE-2007-0385 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 7.8 HIGH | N/A |
| The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable. | |||||