Total: 260634 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4359 | 1 Skilmatch Staffing Systems | 1 Joblister3 | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. | |||||
CVE-2007-6320 | 1 Drupal | 1 Feature Module | 2024-02-04 | 4.3 MEDIUM | N/A |
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks. | |||||
CVE-2007-2313 | 1 Mxbb | 1 Mx Shotcast | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | |||||
CVE-2007-1993 | 1 Hp | 1 Hp-ux | 2024-02-04 | 9.3 HIGH | N/A |
Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2." | |||||
CVE-2007-4112 | 1 Advanced Webhost Billing System | 1 Advanced Webhost Billing System | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation." | |||||
CVE-2007-4289 | 1 Sun | 1 Java System Portal Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. | |||||
CVE-2008-1050 | 1 Softbiz | 1 Jokes And Funny Pictures Script | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. | |||||
CVE-2006-5187 | 1 Bulletin Board Ace | 1 Bulletin Board Ace | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2007-5741 | 1 Plone | 1 Plone | 2024-02-04 | 7.5 HIGH | N/A |
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | |||||
CVE-2007-1158 | 1 Postnuke Software Foundation | 1 Pagesetter | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
CVE-2007-3807 | 1 Sitescape | 1 Sitescape Forum | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors. | |||||
CVE-2006-6363 | 1 Bluesocket | 1 Bsc 2100 | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter. | |||||
CVE-2007-4242 | 1 Astaro | 1 Security Gateway | 2024-02-04 | 5.0 MEDIUM | N/A |
The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment. | |||||
CVE-2007-6307 | 1 Jfree | 1 Jfreechart | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header. | |||||
CVE-2007-4378 | 1 Rndlabs | 1 Babo Violent | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login. | |||||
CVE-2007-0847 | 1 Open Tibia Server Cms | 1 Open Tibia Server Cms | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php. | |||||
CVE-2006-5709 | 1 Alt-n | 1 Mdaemon | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit." | |||||
CVE-2007-0893 | 1 Matthieu Aubry | 1 Phpmyvisites | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. | |||||
CVE-2007-1306 | 1 Digium | 1 Asterisk | 2024-02-04 | 7.8 HIGH | N/A |
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. | |||||
CVE-2007-4007 | 1 Article Directory | 1 Article Directory | 2024-02-04 | 9.3 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |