Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5128 | 1 Conpresso | 1 Conpresso Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter. | |||||
| CVE-2007-2213 | 1 Ipswitch | 1 Ws Ftp | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments." | |||||
| CVE-2007-0550 | 1 212cafe | 1 212cafeboard | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter. | |||||
| CVE-2006-6233 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue. | |||||
| CVE-2006-6444 | 1 Divx | 1 Divx Player | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long string in an M3U file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2807 | 1 Eggheads | 1 Eggdrop Irc Bot | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message. | |||||
| CVE-2007-3070 | 1 Bdigital Web Solutions | 1 Webstudio Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter. | |||||
| CVE-2006-6856 | 1 Webtext | 1 Webtext | 2025-04-09 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. | |||||
| CVE-2006-5622 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. | |||||
| CVE-2006-6574 | 1 Mantis | 1 Mantis | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. | |||||
| CVE-2008-5914 | 1 Apple | 1 Safari | 2025-04-09 | 2.1 LOW | N/A |
| An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-3359 | 1 Iptel | 1 Serweb | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6428 | 1 X.org | 2 Tog-cup, Xserver | 2025-04-09 | 5.0 MEDIUM | N/A |
| The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. | |||||
| CVE-2007-0600 | 2 Makit, Martyn Kilbryde | 2 Newsposter Script, Newsposter Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
| CVE-2007-2704 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.4 MEDIUM | N/A |
| BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket. | |||||
| CVE-2007-4353 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
| Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods. | |||||
| CVE-2006-5944 | 1 Mginternet | 1 Car Site Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2007-1840 | 1 Ldap Account Manager | 1 Ldap Account Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
| lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS). | |||||
| CVE-2006-5059 | 1 Wired Community Software | 1 Wwwthreads | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php. | |||||
| CVE-2006-5811 | 1 Openemr | 1 Openemr | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[srcdir] parameter. | |||||