Vulnerabilities (CVE)

Total 260647 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1411 1 Php 1 Php 2024-02-04 6.8 MEDIUM N/A
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
CVE-2008-0819 1 Plutostatus 1 Plutostatus Locator 2024-02-04 3.6 LOW N/A
Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2006-5636 1 Sws 1 Simple Website Software 2024-02-04 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter.
CVE-2006-5618 1 Netref 1 Netref 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter.
CVE-2006-6333 1 Linux 1 Linux Kernel 2024-02-04 7.8 HIGH N/A
The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset.
CVE-2006-6804 1 Enthrallweb 1 Dragon Business Directory Pro 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2007-5081 1 Realnetworks 3 Realone Player, Realplayer, Realplayer Enterprise 2024-02-04 9.3 HIGH N/A
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.
CVE-2007-1018 1 Virtualsystem 1 Vs-news-system 2024-02-04 9.3 HIGH N/A
PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5587 2 Macrovision, Microsoft 3 Safedisc, Windows 2003 Server, Windows Xp 2024-02-04 6.9 MEDIUM N/A
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
CVE-2008-0853 2 Joomla, Mambo 2 Com Detail, Com Detail 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.
CVE-2006-5291 1 Alex 1 Downloadengine 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2006-4656.
CVE-2007-5818 1 Sblog 1 Sblog 2024-02-04 7.6 HIGH N/A
Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators.
CVE-2007-3553 1 Oracle 2 Application Server, Rapid Install Web Server 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2356 1 Gimp 1 Gimp 2024-02-04 6.8 MEDIUM N/A
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
CVE-2007-0609 1 Advanced Guestbook 1 Advanced Guestbook 2024-02-04 5.1 MEDIUM N/A
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.
CVE-2007-2766 1 Backup Manager 1 Backup Manager 2024-02-04 7.2 HIGH N/A
lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh.
CVE-2007-0970 1 Webtester 1 Webtester 2024-02-04 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.
CVE-2007-6036 1 Live555 1 Media Server 2024-02-04 7.1 HIGH N/A
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
CVE-2006-5393 1 Cisco 1 Secure Desktop 2024-02-04 2.1 LOW N/A
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.
CVE-2006-5318 1 Nayco 1 Jasmine 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter.