Total
259474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5781 | 1 Sige | 1 Sige | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter. | |||||
| CVE-2006-7224 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All CVE users should consult CVE-2006-7227, CVE-2005-4872, and CVE-2006-7228 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2007-4494 | 1 Ez | 1 Ez Publish | 2024-02-04 | 5.0 MEDIUM | N/A |
| The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks. | |||||
| CVE-2007-3388 | 1 Trolltech | 1 Qt | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. | |||||
| CVE-2007-2561 | 1 Fipsasp | 1 Fipscms | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115. | |||||
| CVE-2007-0101 | 1 Spine | 1 Spine | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3396 | 1 Key Focus | 1 Kf Web Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter. | |||||
| CVE-2008-0418 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-04 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. | |||||
| CVE-2006-6511 | 1 Dadaimc | 1 Dadaimc | 2024-02-04 | 6.8 MEDIUM | N/A |
| dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php). | |||||
| CVE-2007-2164 | 1 Kde | 1 Konqueror | 2024-02-04 | 5.0 MEDIUM | N/A |
| Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
| CVE-2007-6149 | 1 Adobe | 2 Connect Enterprise Server, Flash Media Server 2 | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation. | |||||
| CVE-2008-0566 | 1 Deltascripts | 1 Php Links | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter. | |||||
| CVE-2007-1700 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
| The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. | |||||
| CVE-2007-2932 | 1 Boastmachine | 1 Boastmachine | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action. | |||||
| CVE-2007-6301 | 1 Open Newsletter | 1 Open Newsletter | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. | |||||
| CVE-2007-0611 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php. | |||||
| CVE-2007-4413 | 1 Headstart Solutions | 1 Deskpro | 2024-02-04 | 3.5 LOW | N/A |
| Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter. | |||||
| CVE-2006-6240 | 1 Telnet Ftp Server | 1 Telnet Ftp Server | 2024-02-04 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. (dot dot) sequence in an FTP command argument, as demonstrated by RETR (GET) or STOR (PUT). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-4247 | 1 Plone | 1 Plone | 2024-02-04 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." | |||||
| CVE-2006-5486 | 1 Sun | 2 Iplanet Messaging Server, Java System Messaging Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages. | |||||