Total: 258808 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5436 | 1 Freefaq | 1 Freefaq | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter. | |||||
CVE-2006-5568 | 1 Datawizard | 1 Ftpxq | 2024-02-04 | 5.0 MEDIUM | N/A |
FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command. | |||||
CVE-2006-7190 | 1 Web-app.net | 1 Webapp | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc. | |||||
CVE-2006-6954 | 1 Flock | 1 Flock | 2024-02-04 | 4.3 MEDIUM | N/A |
Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | |||||
CVE-2007-0604 | 1 Six Apart Ltd | 1 Movable Type | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. | |||||
CVE-2007-5698 | 1 Creapark | 1 Gold Koy Portali | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in default.asp in CREApark GOLD KOY PORTALI allows remote attackers to inject arbitrary web script or HTML via the aranan parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-6812 | 1 Myphpcalendar | 1 Myphpcalendar | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php. | |||||
CVE-2007-0319 | 1 Motive Incorporated | 2 Self Service Manager, Service Activation Manager | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2007-3417 | 1 Web-app.org | 1 Webapp | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function. | |||||
CVE-2006-5538 | 1 D-link | 1 Dsl-g624t | 2024-02-04 | 5.0 MEDIUM | N/A |
D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request. | |||||
CVE-2006-5209 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2007-1504 | 1 Fujitsu | 2 Interstage Application Server, Interstage Apworks | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes. | |||||
CVE-2007-1572 | 1 Sourceforge | 1 Jgbbs | 2024-02-04 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0188 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none. | |||||
CVE-2006-7056 | 1 Dreamcost | 1 Hostadmin | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791. | |||||
CVE-2006-5433 | 1 Timm Maass | 1 Alice Cms | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[local_root] parameter. | |||||
CVE-2007-4395 | 1 Sun | 1 Sunos | 2024-02-04 | 7.6 HIGH | N/A |
Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role. | |||||
CVE-2007-5004 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2024-02-04 | 9.3 HIGH | N/A |
Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password. | |||||
CVE-2007-4004 | 1 Ibm | 1 Aix | 2024-02-04 | 6.9 MEDIUM | N/A |
Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries. | |||||
CVE-2006-5138 | 1 Ubbcentral | 1 Ubb.threads | 2024-02-04 | 5.0 MEDIUM | N/A |
Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message. |