Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5566 | 1 Webasyst Llc | 1 Shop-script | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters. | |||||
| CVE-2007-1449 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-0927 | 1 Utorrent | 1 Utorrent | 2025-04-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. | |||||
| CVE-2007-0841 | 1 Vbdrupal | 1 Vbdrupal | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers. | |||||
| CVE-2006-5768 | 1 Cyberfolio | 1 Cyberfolio | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php. | |||||
| CVE-2007-4077 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php. | |||||
| CVE-2007-3560 | 1 Esqlanelapse | 1 Esqlanelapse | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors. | |||||
| CVE-2007-3824 | 1 Mehmet Zati Karahan | 1 Mzk Blog | 2025-04-09 | 10.0 HIGH | N/A |
| SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. | |||||
| CVE-2009-3274 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2025-04-09 | 4.4 MEDIUM | N/A |
| Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2683 | 1 Mutt | 1 Mutt | 2025-04-09 | 3.5 LOW | N/A |
| Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. | |||||
| CVE-2006-6062 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. | |||||
| CVE-2006-4182 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected. | |||||
| CVE-2007-4439 | 1 Lighthouse Development | 1 Squirrelcart | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php. | |||||
| CVE-2007-2739 | 1 Xajax | 1 Xajax | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2170 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 9.4 HIGH | N/A |
| The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. | |||||
| CVE-2006-6138 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter. | |||||
| CVE-2006-6904 | 1 Broadcom | 1 Bluetooth Stack | 2025-04-09 | 7.9 HIGH | N/A |
| Unspecified vulnerability in the Broadcom Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | |||||
| CVE-2006-4813 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked. | |||||
| CVE-2007-1128 | 1 Watersweb Shops | 1 Shop Kit Plus | 2025-04-09 | 5.0 MEDIUM | N/A |
| shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages. | |||||
| CVE-2006-5761 | 1 Rhadrix | 1 If-cms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter. | |||||