Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2634 | 1 Agner Fog | 1 Aforum | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6055 | 1 D-link | 1 Dwl-g132 | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE). | |||||
| CVE-2007-2959 | 1 Cpcommerce | 1 Cpcommerce | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. | |||||
| CVE-2007-1635 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2025-04-09 | 9.0 HIGH | N/A |
| Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php. | |||||
| CVE-2006-5896 | 1 Remlab | 1 Web Mech Designer | 2025-04-09 | 5.0 MEDIUM | N/A |
| REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message. | |||||
| CVE-2006-6712 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages. | |||||
| CVE-2007-0305 | 1 Okulsistem Okul Web | 1 Otomasyon Sistemi | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3604 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | 4.0 MEDIUM | N/A |
| vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. | |||||
| CVE-2007-0507 | 1 Drupal | 1 Acidfree | 2025-04-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. | |||||
| CVE-2007-3256 | 1 Xythos | 3 Digital Locker, Enterprise Document Manager, Webfile Server | 2025-04-09 | 4.0 MEDIUM | N/A |
| Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution. | |||||
| CVE-2006-5933 | 1 Ultrasite | 1 Ultrasite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1298 | 1 Aj Square | 1 Ajauction | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | |||||
| CVE-2006-7077 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter. | |||||
| CVE-2007-0503 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors. | |||||
| CVE-2007-0580 | 1 Javier Suarez Sanz | 1 Foro Domus | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter. | |||||
| CVE-2007-0742 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.8 HIGH | N/A |
| The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2006-5261 | 1 Phpmynews | 1 Phpmynews | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cfg_include_dir parameter in (1) disp_form.php3, (2) disp_smileys.php3, (3) little_news.php3, and (4) index.php3 in include/. | |||||
| CVE-2007-4259 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2025-04-09 | 5.0 MEDIUM | N/A |
| EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled. | |||||
| CVE-2007-2686 | 1 Jetbox | 1 Jetbox Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task. | |||||
| CVE-2007-3288 | 1 Skeltoac | 1 Automattic Stats | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field. | |||||