Vulnerabilities (CVE)

Total 260647 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5187 1 Bulletin Board Ace 1 Bulletin Board Ace 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-5741 1 Plone 1 Plone 2024-02-04 7.5 HIGH N/A
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
CVE-2007-1158 1 Postnuke Software Foundation 1 Pagesetter 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2007-3807 1 Sitescape 1 Sitescape Forum 2024-02-04 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.
CVE-2006-6363 1 Bluesocket 1 Bsc 2100 2024-02-04 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter.
CVE-2007-4242 1 Astaro 1 Security Gateway 2024-02-04 5.0 MEDIUM N/A
The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.
CVE-2007-6307 1 Jfree 1 Jfreechart 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.
CVE-2007-4378 1 Rndlabs 1 Babo Violent 2024-02-04 6.8 MEDIUM N/A
Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login.
CVE-2007-0847 1 Open Tibia Server Cms 1 Open Tibia Server Cms 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.
CVE-2006-5709 1 Alt-n 1 Mdaemon 2024-02-04 10.0 HIGH N/A
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."
CVE-2007-0893 1 Matthieu Aubry 1 Phpmyvisites 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.
CVE-2007-1306 1 Digium 1 Asterisk 2024-02-04 7.8 HIGH N/A
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
CVE-2007-4007 1 Article Directory 1 Article Directory 2024-02-04 9.3 HIGH N/A
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-6757 1 Cwm-design 1 Cwmexplorer 2024-02-04 7.8 HIGH N/A
Directory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter.
CVE-2007-4517 1 Oracle 1 Database Server 2024-02-04 6.0 MEDIUM N/A
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.
CVE-2007-1011 1 Vs-gastebuch 1 Vs-gastebuch 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.
CVE-2007-1434 1 Grayscale 1 Grayscale Blog 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.
CVE-2008-0680 1 Microtik 1 Routeros 2024-02-04 7.8 HIGH N/A
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.
CVE-2007-3120 1 Aiocp 1 Aiocp 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-6104 1 Mono 1 Xsp 2024-02-04 5.0 MEDIUM N/A
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.