Total: 260647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5187 | 1 Bulletin Board Ace | 1 Bulletin Board Ace | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2007-5741 | 1 Plone | 1 Plone | 2024-02-04 | 7.5 HIGH | N/A |
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | |||||
CVE-2007-1158 | 1 Postnuke Software Foundation | 1 Pagesetter | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
CVE-2007-3807 | 1 Sitescape | 1 Sitescape Forum | 2024-02-04 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors. | |||||
CVE-2006-6363 | 1 Bluesocket | 1 Bsc 2100 | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter. | |||||
CVE-2007-4242 | 1 Astaro | 1 Security Gateway | 2024-02-04 | 5.0 MEDIUM | N/A |
The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment. | |||||
CVE-2007-6307 | 1 Jfree | 1 Jfreechart | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header. | |||||
CVE-2007-4378 | 1 Rndlabs | 1 Babo Violent | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login. | |||||
CVE-2007-0847 | 1 Open Tibia Server Cms | 1 Open Tibia Server Cms | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php. | |||||
CVE-2006-5709 | 1 Alt-n | 1 Mdaemon | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit." | |||||
CVE-2007-0893 | 1 Matthieu Aubry | 1 Phpmyvisites | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. | |||||
CVE-2007-1306 | 1 Digium | 1 Asterisk | 2024-02-04 | 7.8 HIGH | N/A |
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. | |||||
CVE-2007-4007 | 1 Article Directory | 1 Article Directory | 2024-02-04 | 9.3 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
CVE-2006-6757 | 1 Cwm-design | 1 Cwmexplorer | 2024-02-04 | 7.8 HIGH | N/A |
Directory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter. | |||||
CVE-2007-4517 | 1 Oracle | 1 Database Server | 2024-02-04 | 6.0 MEDIUM | N/A |
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument. | |||||
CVE-2007-1011 | 1 Vs-gastebuch | 1 Vs-gastebuch | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter. | |||||
CVE-2007-1434 | 1 Grayscale | 1 Grayscale Blog | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php. | |||||
CVE-2008-0680 | 1 Microtik | 1 Routeros | 2024-02-04 | 7.8 HIGH | N/A |
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request. | |||||
CVE-2007-3120 | 1 Aiocp | 1 Aiocp | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-6104 | 1 Mono | 1 Xsp | 2024-02-04 | 5.0 MEDIUM | N/A |
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20. |