Total: 29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6422 | 1 Agileco | 2 Agilebill, Agilevoice | 2025-04-09 | 5.0 MEDIUM | N/A |
| Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle certain proxy requests, which allows remote attackers to disable the application by entering invalid license data on a form, possibly involving modules/core/license.inc.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1326 | 1 Serendipity | 1 Serendipity | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. | |||||
| CVE-2008-0002 | 1 Apache | 1 Tomcat | 2025-04-09 | 5.8 MEDIUM | N/A |
| Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. | |||||
| CVE-2007-2498 | 1 Nullsoft | 1 Winamp | 2025-04-09 | 9.3 HIGH | N/A |
| libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0452 | 1 Samba | 1 Samba | 2025-04-09 | 6.8 MEDIUM | N/A |
| smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. | |||||
| CVE-2007-2207 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter. | |||||
| CVE-2006-7188 | 1 Web-app.net | 1 Webapp | 2025-04-09 | 5.0 MEDIUM | N/A |
| The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable. | |||||
| CVE-2007-3790 | 1 Php | 1 Php | 2025-04-09 | 5.8 MEDIUM | N/A |
| The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. | |||||
| CVE-2007-5795 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2025-04-09 | 6.3 MEDIUM | N/A |
| The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | |||||
| CVE-2007-0750 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
| Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. | |||||
| CVE-2007-2659 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action. | |||||
| CVE-2007-1304 | 1 Savas Place | 1 Savas Guestbook | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters. | |||||
| CVE-2007-1295 | 1 Aj Forum | 1 Aj Forum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter. | |||||
| CVE-2006-5147 | 1 Vamp Webmail | 1 Vamp Webmail | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter. | |||||
| CVE-2007-0338 | 1 Bolintech | 1 Dreamftp Server | 2025-04-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log. | |||||
| CVE-2006-5098 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-09 | 5.0 MEDIUM | N/A |
| lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image. | |||||
| CVE-2007-2895 | 1 Lead Technologies | 1 Leadtools Raster Dialog File Object | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. | |||||
| CVE-2006-6703 | 1 Oracle | 2 Oracle10g, Oracle9i | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. | |||||
| CVE-2006-6369 | 1 Invision Power Services | 1 Invision Community Blog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. | |||||
| CVE-2006-5720 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. | |||||
