Vulnerabilities (CVE)

Total 259032 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-6948 1 Myodbc 1 Myodbc 2024-02-04 7.8 HIGH N/A
MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.
CVE-2007-5578 1 Secureideas 1 Basic Analysis And Security Engine 2024-02-04 7.5 HIGH N/A
Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.
CVE-2006-6822 1 Enthrallweb 1 Eclassifieds 2024-02-04 3.5 LOW N/A
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2007-3189 1 Jffnms 1 Just For Fun Network Management System 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-0544 1 Mybb 1 Mybb 2024-02-04 6.0 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.
CVE-2007-4742 1 Claroline 1 Claroline 2024-02-04 4.3 MEDIUM N/A
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.
CVE-2007-3370 1 Kim Kyoung Min 1 Sun Board 2024-02-04 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php.
CVE-2006-6163 1 Tiki 1 Tikiwiki Cms\/groupware 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
CVE-2007-3455 1 Trend Micro 1 Officescan 2024-02-04 10.0 HIGH N/A
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
CVE-2006-6466 1 Wikyblog 1 Wikyblog 2024-02-04 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: CVE disputes the l vector because l is validated by ctype_alpha before use.
CVE-2008-0841 2 Joomla, Mambo 2 Com Ricette Component, Com Ricette Component 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4974 1 Mega-nerd 1 Libsndfile 2024-02-04 7.5 HIGH N/A
Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.
CVE-2008-0583 1 Skype Technologies 1 Skype 2024-02-04 4.3 MEDIUM N/A
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
CVE-2007-1342 1 Jelsoft 1 Vbulletin 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
CVE-2006-5033 1 Paul Smith Computer Services 1 Vcap 2024-02-04 5.0 MEDIUM N/A
Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding.
CVE-2006-6616 1 W00t Gallery 1 W00t Gallery 2024-02-04 6.0 MEDIUM N/A
index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information.
CVE-2006-6603 1 Yahoo 1 Messenger 2024-02-04 9.3 HIGH N/A
Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information.
CVE-2007-3399 1 Phpee 1 Power Phlogger 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php.
CVE-2007-6638 1 March Networks 1 3204 Dvr 2024-02-04 10.0 HIGH N/A
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
CVE-2007-2976 1 Cetrinity 2 Firstclass, Server And Internet Services 2024-02-04 4.3 MEDIUM N/A
Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.