Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6577 | 1 Neocrome | 2 Land Down Under, Seditio | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0571 | 1 Phpmyreports | 1 Phpmyreports | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter. | |||||
| CVE-2006-5772 | 1 Freewebshop | 1 Freewebshop | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter. | |||||
| CVE-2007-4085 | 1 Alstrasoft | 1 Askme Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php. | |||||
| CVE-2007-2513 | 1 Novell | 1 Groupwise | 2025-04-09 | 4.3 MEDIUM | N/A |
| Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack. | |||||
| CVE-2007-1546 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2025-04-09 | 5.0 MEDIUM | N/A |
| Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. | |||||
| CVE-2006-6784 | 1 Netbula | 1 Anyboard | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form. | |||||
| CVE-2007-4198 | 1 Brian Carrier | 1 The Slueth Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
| The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read. | |||||
| CVE-2007-3323 | 1 Comersus Open Technologies | 1 Comersus Cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2. | |||||
| CVE-2007-2001 | 1 Crea-book | 1 Crea-book | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3. | |||||
| CVE-2006-7175 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2025-04-09 | 7.5 HIGH | N/A |
| The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. | |||||
| CVE-2007-2045 | 1 Sun | 1 Sunos | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments. | |||||
| CVE-2007-3066 | 1 Phpreactor | 1 Phpreactor | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983. | |||||
| CVE-2007-1002 | 1 Evolution | 1 Shared Memo | 2025-04-09 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | |||||
| CVE-2006-5726 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
| alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures. | |||||
| CVE-2007-2520 | 1 Frank Mancuso | 1 Mynews | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie. | |||||
| CVE-2007-0484 | 1 Enthusiast | 1 Enthusiast | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6345 | 1 Sap | 1 Internet Graphics Server | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134. | |||||
| CVE-2007-4359 | 1 Skilmatch Staffing Systems | 1 Joblister3 | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. | |||||
| CVE-2007-1705 | 1 Active Trade | 1 Active Trade | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||