Total: 29483 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-7172 | 1 Php-stats | 1 Php-stats | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter. | |||||
CVE-2007-1617 | 1 Scriptmagix | 1 Scriptmagix Recipes | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2007-0384 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 5.1 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2007-1825 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3. | |||||
CVE-2007-0945 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability." | |||||
CVE-2007-1188 | 1 Web-app.org | 1 Webapp | 2025-04-09 | 7.5 HIGH | N/A |
WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking". | |||||
CVE-2007-4283 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. | |||||
CVE-2007-2425 | 1 Blackdot | 1 Imageview | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter. | |||||
CVE-2006-5598 | 1 Webgeneius | 1 Goop Gallery | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter. | |||||
CVE-2006-6387 | 1 Link Content Management Server | 1 Link Content Management Server | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0930 | 1 Apache Stats | 1 Apache Stats | 2025-04-09 | 7.5 HIGH | N/A |
Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function. | |||||
CVE-2006-5475 | 1 Drupal | 1 Drupal | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | |||||
CVE-2007-1795 | 1 Jccorp | 1 Urlshrink | 2025-04-09 | 10.0 HIGH | N/A |
JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-2945 | 1 Rmforum | 1 Rmforum | 2025-04-09 | 5.0 MEDIUM | N/A |
RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb. | |||||
CVE-2007-1011 | 1 Vs-gastebuch | 1 Vs-gastebuch | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter. | |||||
CVE-2007-3527 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | 6.8 MEDIUM | N/A |
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data. | |||||
CVE-2006-6768 | 1 Pwp Technologies | 1 The Classified Ad System | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter. | |||||
CVE-2006-6455 | 1 Duware | 1 Dudirectory | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2282 | 1 Cisco | 1 Netflow Collection Engine | 2025-04-09 | 10.0 HIGH | N/A |
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system. | |||||
CVE-2007-4528 | 1 Php | 1 Php | 2025-04-09 | 4.3 MEDIUM | N/A |
The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE. |