Total
258807 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5062 | 1 Adam Scheinberg | 1 Flip | 2024-02-04 | 7.5 HIGH | N/A |
| account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action. | |||||
| CVE-2007-6056 | 1 Aida-orga | 1 Aida-web | 2024-02-04 | 5.0 MEDIUM | N/A |
| frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters. | |||||
| CVE-2007-2008 | 1 Pl-php | 1 Pl-php | 2024-02-04 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2006-6033 | 1 Sphpblog | 1 Sphpblog | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. (dot dot) sequence in the blog_theme parameter in (1) index.php, (2) add_cgi.php, (3) add_link.php, (4) login.php, (5) template.php, or (6) contact.php. | |||||
| CVE-2006-5328 | 2 Apple, Openbase International Ltd | 2 Xcode, Openbase | 2024-02-04 | 7.2 HIGH | N/A |
| OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. | |||||
| CVE-2007-3448 | 1 Bugmall | 1 Shopping Cart | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected. | |||||
| CVE-2007-5770 | 1 Ruby-lang | 1 Ruby | 2024-02-04 | 5.0 MEDIUM | N/A |
| The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. | |||||
| CVE-2006-7130 | 1 Jinzora | 1 Jinzora | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770. | |||||
| CVE-2006-6706 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2024-02-04 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages. | |||||
| CVE-2008-0358 | 1 Pixelpost | 1 Pixelpost | 2024-02-04 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter. | |||||
| CVE-2008-0839 | 2 Astats, Joomla | 2 Astatspro, Com Astatspro | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6247 | 1 Uapplication | 1 Uphotogallery | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp. | |||||
| CVE-2007-1928 | 1 Witshare | 1 Witshare | 2024-02-04 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter. | |||||
| CVE-2008-0602 | 1 All Club Cms | 1 All Club Cms | 2024-02-04 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the class_name parameter. | |||||
| CVE-2007-0633 | 1 T-systems Solutions For Research Gmbh | 1 Mynews | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter. | |||||
| CVE-2007-6193 | 1 Citrix | 1 Netscaler | 2024-02-04 | 5.0 MEDIUM | N/A |
| The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. | |||||
| CVE-2007-3066 | 1 Phpreactor | 1 Phpreactor | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983. | |||||
| CVE-2007-4821 | 1 Edraw | 1 Office Viewer Component | 2024-02-04 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169. | |||||
| CVE-2007-4960 | 1 Linden Lab | 1 Second Life | 2024-02-04 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL. | |||||
| CVE-2007-5250 | 1 Americasarmy | 2 America\'s Army, America\'s Army Special Forces | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Windows dedicated server for the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allows remote attackers to cause a denial of service (server hang) via packets containing 0x07 characters or other unspecified invalid characters. NOTE: this issue may overlap CVE-2007-4443. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain. | |||||