Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2268 | 1 Mdsjack | 1 Mjguest | 2025-04-09 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6.7 GT Rev.01 allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in a redirect action to mjguest.php. NOTE: this is user-assisted because there is a delay and a notification before redirection occurs. | |||||
| CVE-2007-1059 | 1 Ultimate Fun Book | 1 Ultimate Fun Book | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error. | |||||
| CVE-2006-5970 | 1 Verity | 1 Ultraseek | 2025-04-09 | 5.0 MEDIUM | N/A |
| Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryform0a.html, (18) queryform1.html, (19) queryform1a.html, (20) queryform2.html, (21) queryform2a.html, (22) quicklinks.html, (23) relatedtopics.html, (24) signin.html, (25) subtopics.html, (26) thesaurus.html, (27) topics.html, (28) hitspagebar.html, (29) highlight/highlight.html, (30) highlight/highlight_one.html, and (31) highlight/topnav.html, which leaks the installation path in the resulting error message. | |||||
| CVE-2007-1331 | 1 Tks Banking Solutions | 1 Eportfolio | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-7161 | 1 Aspindir | 1 Hazirsite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter. | |||||
| CVE-2007-0832 | 1 Vmware | 1 Workstation | 2025-04-09 | 1.2 LOW | N/A |
| VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems. | |||||
| CVE-2007-3188 | 1 Geometrix Download Portal | 1 Geometrix Download Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5632 | 1 Ig Shop | 1 Ig Shop | 2025-04-09 | 6.8 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6585 | 1 Mozilla | 1 Firefox | 2025-04-09 | 6.4 MEDIUM | N/A |
| The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected. | |||||
| CVE-2006-5311 | 1 Buzlas | 1 Buzlas | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-6198 | 1 Cpanel | 1 Webhost Manager | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park. | |||||
| CVE-2007-3965 | 1 Ufmod | 1 Ufmod Xm Player Library | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and attack vectors, possibly related to malformed files, and possibly an integer signedness error for relative note instruments. | |||||
| CVE-2006-6618 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2025-04-09 | 7.2 HIGH | N/A |
| AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||||
| CVE-2006-6224 | 1 Puntal | 1 Puntal | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array. | |||||
| CVE-2006-5288 | 1 Cisco | 1 2700 Wireless Location Appliance | 2025-04-09 | 10.0 HIGH | N/A |
| Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893. | |||||
| CVE-2006-5671 | 1 Free Php Scripts | 1 Free Image Hosting | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0141 | 1 Yet Another Link Directory | 1 Yet Another Link Directory | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2007-1980 | 1 Nick Jones | 1 Topliste Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2006-4926 | 1 Kaspersky Lab | 4 Kaspersky Anti-virus, Kaspersky Anti-virus Personal, Kaspersky Anti-virus Personal Pro and 1 more | 2025-04-09 | 7.2 HIGH | N/A |
| The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL. | |||||
| CVE-2006-7200 | 1 Emc | 1 Rsa Security Sitekey | 2025-04-09 | 9.0 HIGH | N/A |
| EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token. | |||||