Total: 29483 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0551 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters. | |||||
CVE-2006-5383 | 1 Def-blog | 1 Def-blog | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. | |||||
CVE-2007-0472 | 1 Smb4k | 1 Smb4k | 2025-04-09 | 3.7 LOW | N/A |
Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp. | |||||
CVE-2006-6470 | 1 Xerox | 1 Workcentre | 2025-04-09 | 10.0 HIGH | N/A |
The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is a vulnerability, or a bug in a security feature. | |||||
CVE-2006-5138 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-09 | 5.0 MEDIUM | N/A |
Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message. | |||||
CVE-2007-2895 | 1 Lead Technologies | 1 Leadtools Raster Dialog File Object | 2025-04-09 | 7.5 HIGH | N/A |
Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. | |||||
CVE-2007-1197 | 1 Epiware | 1 Epiware | 2025-04-09 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues. | |||||
CVE-2007-4111 | 1 Codewidgets | 1 Real Estate Listing Website Application Template | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
CVE-2006-5515 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface. | |||||
CVE-2007-4048 | 1 Phpsysinfo | 1 Phpsysinfo | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
CVE-2007-2974 | 1 Avira | 2 Antivir, Av Pack | 2025-04-09 | 10.0 HIGH | N/A |
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around." | |||||
CVE-2007-0400 | 1 Easebay Resources | 1 Login Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
CVE-2007-3549 | 1 Vastal I-tech | 1 Buddy Zone | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
CVE-2007-4504 | 1 Joomla | 1 Rsfiles | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action. | |||||
CVE-2006-6234 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. | |||||
CVE-2006-5754 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation. | |||||
CVE-2007-0226 | 1 Uniforum | 1 Uniforum | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter). | |||||
CVE-2007-1444 | 1 Netperf | 1 Netperf | 2025-04-09 | 4.4 MEDIUM | N/A |
netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug. | |||||
CVE-2007-2143 | 1 Bonoestente | 1 Joomla Template Be2004-2 | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2007-2602 | 1 Progress | 1 Whatsup Gold | 2025-04-09 | 7.8 HIGH | N/A |
Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. |