Total
258813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6987 | 1 Softinform | 1 Finebrowser | 2024-02-04 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-6948 | 1 Myodbc | 1 Myodbc | 2024-02-04 | 7.8 HIGH | N/A |
| MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database. | |||||
| CVE-2007-5578 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2024-02-04 | 7.5 HIGH | N/A |
| Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors. | |||||
| CVE-2006-6822 | 1 Enthrallweb | 1 Eclassifieds | 2024-02-04 | 3.5 LOW | N/A |
| myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | |||||
| CVE-2007-3189 | 1 Jffnms | 1 Just For Fun Network Management System | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-0544 | 1 Mybb | 1 Mybb | 2024-02-04 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. | |||||
| CVE-2007-4742 | 1 Claroline | 1 Claroline | 2024-02-04 | 4.3 MEDIUM | N/A |
| Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence. | |||||
| CVE-2007-3370 | 1 Kim Kyoung Min | 1 Sun Board | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php. | |||||
| CVE-2006-6163 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. | |||||
| CVE-2007-3455 | 1 Trend Micro | 1 Officescan | 2024-02-04 | 10.0 HIGH | N/A |
| cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information." | |||||
| CVE-2006-6466 | 1 Wikyblog | 1 Wikyblog | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: CVE disputes the l vector because l is validated by ctype_alpha before use. | |||||
| CVE-2008-0841 | 2 Joomla, Mambo | 2 Com Ricette Component, Com Ricette Component | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4974 | 1 Mega-nerd | 1 Libsndfile | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size. | |||||
| CVE-2008-0583 | 1 Skype Technologies | 1 Skype | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454. | |||||
| CVE-2007-1342 | 1 Jelsoft | 1 Vbulletin | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. | |||||
| CVE-2006-5033 | 1 Paul Smith Computer Services | 1 Vcap | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding. | |||||
| CVE-2006-6616 | 1 W00t Gallery | 1 W00t Gallery | 2024-02-04 | 6.0 MEDIUM | N/A |
| index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6603 | 1 Yahoo | 1 Messenger | 2024-02-04 | 9.3 HIGH | N/A |
| Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. | |||||
| CVE-2007-3399 | 1 Phpee | 1 Power Phlogger | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php. | |||||
| CVE-2007-6638 | 1 March Networks | 1 3204 Dvr | 2024-02-04 | 10.0 HIGH | N/A |
| March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz. | |||||