Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4010 | 1 Php | 1 Php | 2025-04-09 | 6.8 MEDIUM | N/A |
| The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. | |||||
| CVE-2007-2812 | 1 Hlstats | 1 Hlstats | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter. | |||||
| CVE-2006-5425 | 1 Xorp | 1 Extensible Open Router Platform | 2025-04-09 | 5.0 MEDIUM | N/A |
| XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field. | |||||
| CVE-2006-6826 | 1 Personal .net Portal | 1 Personal .net Portal | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak." | |||||
| CVE-2004-2762 | 1 Ibm | 2 Mvs, Tivoli Storage Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
| The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1. | |||||
| CVE-2007-0296 | 1 Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02. | |||||
| CVE-2007-2241 | 1 Isc | 1 Bind | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. | |||||
| CVE-2007-3262 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak. | |||||
| CVE-2006-6833 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-2193 | 1 Acd Systems | 2 Acdsee, Photo Editor | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0814 | 1 Adrenalin Labs | 1 Adrenalins Asp Chat | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat. | |||||
| CVE-2007-4069 | 1 Index Script | 1 Index Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2007-0556 | 1 Postgresql | 1 Postgresql | 2025-04-09 | 6.6 MEDIUM | N/A |
| The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. | |||||
| CVE-2007-3271 | 1 Yourfreescreamer | 1 Yourfreescreamer | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter. | |||||
| CVE-2007-3161 | 1 Visicom Media | 1 Ace-ftp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response. | |||||
| CVE-2007-3529 | 1 Phpdirector | 1 Phpdirector | 2025-04-09 | 7.8 HIGH | N/A |
| videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message. | |||||
| CVE-2006-6544 | 1 Cm68 News | 1 Cm68 News | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CM68 News allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2426 | 1 Wildbits | 1 Mygallery | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter. | |||||
| CVE-2007-3096 | 1 Pblang | 1 Pblang | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-2201 | 1 Post Revolution | 1 Post Revolution | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php. | |||||