Vulnerabilities (CVE)

Total 260589 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-2235 1 Punbb 1 Punbb 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
CVE-2006-6870 1 Avahi 1 Avahi 2024-02-04 5.0 MEDIUM N/A
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
CVE-2007-0092 1 E-smart Cart 1 E-smart Cart 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
CVE-2007-4818 1 Txx Cms 1 Txx Cms 2024-02-04 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/.
CVE-2006-6293 1 F-prot 1 F-prot Antivirus 2024-02-04 7.5 HIGH N/A
Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
CVE-2008-1112 2024-02-04 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-0928. Reason: This candidate is a duplicate of CVE-2008-0928. Notes: All CVE users should reference CVE-2008-0928 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2007-2080 1 Xampp 1 Apache Distribution 2024-02-04 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts.
CVE-2006-6668 1 Verliadmin 1 Verliadmin 2024-02-04 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0636 1 Level Platforms 1 Managed Workplace Service Center 2024-02-04 5.0 MEDIUM N/A
Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information.
CVE-2007-6176 1 Amensa-soft 1 K\+b-bestellsystem 2024-02-04 10.0 HIGH N/A
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
CVE-2006-4842 2 Netscape, Sun 2 Portable Runtime Api, Solaris 2024-02-04 3.6 LOW N/A
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
CVE-2007-2973 1 Avira 2 Antivir, Av Pack 2024-02-04 7.8 HIGH N/A
Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive.
CVE-2007-6421 1 Apache 1 Http Server 2024-02-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
CVE-2007-5911 1 Viewpoint 1 Media Player 2024-02-04 6.8 MEDIUM N/A
Multiple stack-based buffer overflows in the AxMetaStream ActiveX control in AxMetaStream.dll 3.3.2.26 in Viewpoint Media Player 3.2 allow remote attackers to execute arbitrary code via a long string argument to the (1) BroadcastKey, (2) BroadcastKeyFileURL, (3) Component, (4) ComponentClassID, (5) ComponentFileName, (6) ExtraProperty, (7) Properties, (8) RequiredVersions, (9) Source, or (10) XMLText method.
CVE-2007-0124 1 Drupal 1 Drupal 2024-02-04 3.5 LOW N/A
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
CVE-2007-3207 1 Novell 1 Client 2024-02-04 7.1 HIGH N/A
Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request.
CVE-2008-0806 1 Paul Pelzl 1 Wyrd 2024-02-04 3.6 LOW N/A
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.
CVE-2007-2962 1 Particle Soft 1 Particle Gallery 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter.
CVE-2007-5817 1 Contentcustomizer 1 Contentcustomizer 2024-02-04 4.3 MEDIUM N/A
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks.
CVE-2007-3498 1 Htmlpurifier 1 Htmlpurifier 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output."