Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2312 | 1 Vwar | 1 Virtual War | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement. | |||||
| CVE-2006-6937 | 1 Pensacola Web Designs | 1 Xtremeasp Photogallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter. | |||||
| CVE-2007-1997 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 7.5 HIGH | N/A |
| Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. | |||||
| CVE-2007-1999 | 1 Nazarkin.name | 1 Weatimages | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter. | |||||
| CVE-2006-5804 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2007-1603 | 1 Weekly Drawing Contest | 1 Weekly Drawing Contest | 2025-04-09 | 7.5 HIGH | N/A |
| admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request. | |||||
| CVE-2007-3293 | 1 Livecms | 1 Livecms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-3658 | 1 Microsoft | 1 Register Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Register Server (REGSVR) allows attackers to cause a denial of service via a crafted DLL library. | |||||
| CVE-2007-0300 | 1 Tlm Cms | 1 Tlm Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | |||||
| CVE-2007-3331 | 1 Stphp | 1 Easynews | 2025-04-09 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post. | |||||
| CVE-2007-4107 | 1 Phpmyforum | 1 Phpmyforum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0547 | 1 Cgi-rescue | 1 Webform | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-5182 | 1 Dan Jensen | 1 Travelsized Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | |||||
| CVE-2007-1169 | 1 Trend Micro | 1 Serverprotect | 2025-04-09 | 5.0 MEDIUM | N/A |
| The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network. | |||||
| CVE-2007-2361 | 1 Symantec | 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more | 2025-04-09 | 4.9 MEDIUM | N/A |
| Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file. | |||||
| CVE-2006-7026 | 1 Avatic | 1 Aardvark Topsites Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149. | |||||
| CVE-2007-1599 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.5 MEDIUM | N/A |
| wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | |||||
| CVE-2006-6043 | 1 Oliver | 1 Oliver | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function. | |||||
| CVE-2007-0852 | 1 Techexcel Inc. | 1 Devtrack | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3122 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 5.0 MEDIUM | N/A |
| The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR. | |||||