Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29868 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-2700 1 Bea 1 Weblogic Server 2025-04-09 4.0 MEDIUM N/A
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
CVE-2007-4230 1 Jems Scripts 1 Bellabiblio 2025-04-09 7.5 HIGH N/A
BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash
CVE-2007-1364 1 Dropafew 1 Dropafew 2025-04-09 6.4 MEDIUM N/A
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.
CVE-2006-5404 1 Symantec 4 Automated Support Assistant, Norton Antivirus, Norton Internet Security and 1 more 2025-04-09 2.6 LOW N/A
Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors.
CVE-2007-0559 1 Rp World 1 Rp World 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.
CVE-2007-2621 1 Extrovert Software 1 Thyme Calndar 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.
CVE-2008-0680 1 Microtik 1 Routeros 2025-04-09 7.8 HIGH N/A
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.
CVE-2006-5008 1 Ibm 1 Aix 2025-04-09 10.0 HIGH N/A
Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.
CVE-2008-2281 1 Microsoft 2 Ie, Internet Explorer 2025-04-09 9.3 HIGH N/A
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
CVE-2007-4280 1 Asterisk 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more 2025-04-09 3.5 LOW N/A
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
CVE-2006-6205 1 Enthrallweb 1 Ehomes 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter.
CVE-2007-1265 1 Kde 1 K-mail 2025-04-09 7.8 HIGH N/A
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVE-2006-5226 1 Freenews 1 Freenews 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2006-5193 1 Wikyblog 1 Wikyblog 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter.
CVE-2007-1574 1 Care2x 1 Care2x 2025-04-09 5.0 MEDIUM N/A
CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2616 1 Novell 1 Netmail 2025-04-09 10.0 HIGH N/A
Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request.
CVE-2007-4096 1 Tor 1 Tor 2025-04-09 5.8 MEDIUM N/A
Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2007-2701 1 Bea 1 Weblogic Server 2025-04-09 4.6 MEDIUM N/A
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."
CVE-2007-3057 1 Xoops 1 Icontent Module 2025-04-09 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
CVE-2006-5521 1 Net Dns 1 Net Dns 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.