Vulnerabilities (CVE)

Total 260634 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4359 1 Skilmatch Staffing Systems 1 Joblister3 2024-02-04 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action.
CVE-2007-6320 1 Drupal 1 Feature Module 2024-02-04 4.3 MEDIUM N/A
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
CVE-2007-2313 1 Mxbb 1 Mx Shotcast 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
CVE-2007-1993 1 Hp 1 Hp-ux 2024-02-04 9.3 HIGH N/A
Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."
CVE-2007-4112 1 Advanced Webhost Billing System 1 Advanced Webhost Billing System 2024-02-04 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."
CVE-2007-4289 1 Sun 1 Java System Portal Server 2024-02-04 6.8 MEDIUM N/A
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.
CVE-2008-1050 1 Softbiz 1 Jokes And Funny Pictures Script 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
CVE-2006-5187 1 Bulletin Board Ace 1 Bulletin Board Ace 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-5741 1 Plone 1 Plone 2024-02-04 7.5 HIGH N/A
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
CVE-2007-1158 1 Postnuke Software Foundation 1 Pagesetter 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2007-3807 1 Sitescape 1 Sitescape Forum 2024-02-04 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.
CVE-2006-6363 1 Bluesocket 1 Bsc 2100 2024-02-04 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter.
CVE-2007-4242 1 Astaro 1 Security Gateway 2024-02-04 5.0 MEDIUM N/A
The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.
CVE-2007-6307 1 Jfree 1 Jfreechart 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.
CVE-2007-4378 1 Rndlabs 1 Babo Violent 2024-02-04 6.8 MEDIUM N/A
Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login.
CVE-2007-0847 1 Open Tibia Server Cms 1 Open Tibia Server Cms 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.
CVE-2006-5709 1 Alt-n 1 Mdaemon 2024-02-04 10.0 HIGH N/A
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."
CVE-2007-0893 1 Matthieu Aubry 1 Phpmyvisites 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.
CVE-2007-1306 1 Digium 1 Asterisk 2024-02-04 7.8 HIGH N/A
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
CVE-2007-4007 1 Article Directory 1 Article Directory 2024-02-04 9.3 HIGH N/A
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.