Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6050 | 1 Clicktech | 1 Texas Rankem | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp. | |||||
| CVE-2009-4118 | 1 Cisco | 1 Vpn Client | 2025-04-09 | 2.1 LOW | N/A |
| The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. | |||||
| CVE-2007-1981 | 2 Metamod-p, Microsoft | 2 Metamod-p, All Windows | 2025-04-09 | 7.8 HIGH | N/A |
| The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command. | |||||
| CVE-2007-1515 | 1 Horde | 1 Imp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1158 | 1 Postnuke Software Foundation | 1 Pagesetter | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2006-7175 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2025-04-09 | 7.5 HIGH | N/A |
| The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. | |||||
| CVE-2006-5726 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
| alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures. | |||||
| CVE-2006-6758 | 1 Http Explorer | 1 Http Explorer Web Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI. | |||||
| CVE-2006-6080 | 1 Gazatem Technologies | 1 Gnews Publisher | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter. | |||||
| CVE-2007-3691 | 1 Av Scripts | 1 Av Tutorial Script | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630. | |||||
| CVE-2006-5150 | 1 Openbiblio | 1 Openbiblio | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-0812 | 1 Woltlab | 1 Burning Board Lite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter. | |||||
| CVE-2007-2627 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622. | |||||
| CVE-2007-3171 | 1 Uebimiau | 1 Uebimiau | 2025-04-09 | 5.0 MEDIUM | N/A |
| Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. | |||||
| CVE-2006-5076 | 1 Back-end | 1 Back-end Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php. | |||||
| CVE-2007-3526 | 1 Vastal I-tech | 1 Buddy Zone | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. | |||||
| CVE-2007-4109 | 1 Codewidgets | 1 Online Event Registration Template | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-3402 | 1 Pagetool | 1 Pagetool | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action. | |||||
| CVE-2007-1289 | 1 Tyger | 1 Bug Tracking System | 2025-04-09 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter. | |||||
| CVE-2006-4393 | 1 Apple | 1 Mac Os X | 2025-04-09 | 3.7 LOW | N/A |
| Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. | |||||