Vulnerabilities (CVE)

Total 260580 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-2354 1 Progress 1 Webspeed Messenger 2024-02-04 7.8 HIGH N/A
Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information.
CVE-2006-5762 1 Free Php Scripts 2 Free File Hosting, Free Image Hosting 2024-02-04 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.
CVE-2007-4480 1 Wordpress 1 Sirius 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
CVE-2006-4902 1 Symantec 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server 2024-02-04 10.0 HIGH N/A
The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands.
CVE-2006-5197 1 Pdshoppro 1 Pdshoppro 2024-02-04 5.0 MEDIUM N/A
PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb.
CVE-2008-0672 1 Tintin 2 Tintin\+\+, Wintin\+\+ 2024-02-04 5.0 MEDIUM N/A
The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.
CVE-2006-6588 1 Apache 1 Ofbiz 2024-02-04 7.5 HIGH N/A
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
CVE-2006-6987 1 Softinform 1 Finebrowser 2024-02-04 7.8 HIGH N/A
Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
CVE-2006-6948 1 Myodbc 1 Myodbc 2024-02-04 7.8 HIGH N/A
MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.
CVE-2007-5578 1 Secureideas 1 Basic Analysis And Security Engine 2024-02-04 7.5 HIGH N/A
Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.
CVE-2006-6822 1 Enthrallweb 1 Eclassifieds 2024-02-04 3.5 LOW N/A
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2007-3189 1 Jffnms 1 Just For Fun Network Management System 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-0544 1 Mybb 1 Mybb 2024-02-04 6.0 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.
CVE-2007-4742 1 Claroline 1 Claroline 2024-02-04 4.3 MEDIUM N/A
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.
CVE-2007-3370 1 Kim Kyoung Min 1 Sun Board 2024-02-04 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php.
CVE-2006-6163 1 Tiki 1 Tikiwiki Cms\/groupware 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
CVE-2007-3455 1 Trend Micro 1 Officescan 2024-02-04 10.0 HIGH N/A
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
CVE-2006-6466 1 Wikyblog 1 Wikyblog 2024-02-04 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: CVE disputes the l vector because l is validated by ctype_alpha before use.
CVE-2008-0841 2 Joomla, Mambo 2 Com Ricette Component, Com Ricette Component 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4974 1 Mega-nerd 1 Libsndfile 2024-02-04 7.5 HIGH N/A
Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.