Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4399 | 1 Irssi | 1 Irssi | 2025-04-09 | 6.8 MEDIUM | N/A |
| CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | |||||
| CVE-2007-3889 | 1 Insanely Simple Blog | 1 Insanely Simple Blog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors. | |||||
| CVE-2007-2613 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-09 | 8.3 HIGH | N/A |
| WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable. | |||||
| CVE-2007-6682 | 1 Videolan | 1 Vlc | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | |||||
| CVE-2006-6910 | 1 Fersch | 1 Formbankserver | 2025-04-09 | 7.8 HIGH | N/A |
| formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. | |||||
| CVE-2007-2316 | 1 Open Business Management | 1 Open Business Management | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser." | |||||
| CVE-2007-1407 | 1 Open Solution | 1 Quick.cart | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit." | |||||
| CVE-2006-5590 | 1 Articlebeach | 1 Articlebeach Script | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in ArticleBeach Script 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2007-2767 | 1 Opendap | 2 Bes, Hyrax | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors. | |||||
| CVE-2006-5549 | 1 Adobe | 1 Adobe Php Ria Sdk | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant | |||||
| CVE-2007-5614 | 1 Mortbay Jetty | 1 Jetty | 2025-04-09 | 7.5 HIGH | N/A |
| Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors. | |||||
| CVE-2006-5894 | 1 Rama Cms | 1 Rama Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php. | |||||
| CVE-2006-6007 | 1 Webevents | 1 Online Event Registration | 2025-04-09 | 5.0 MEDIUM | N/A |
| save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter. | |||||
| CVE-2006-6557 | 1 Skulls | 1 Skulls | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unknown impact and attack vectors, as addressed by "Many security fixes." | |||||
| CVE-2007-6358 | 1 Glyph And Cog | 1 Pdftops | 2025-04-09 | 4.9 MEDIUM | N/A |
| pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS. | |||||
| CVE-2006-7044 | 1 Cmpro Team | 1 Clan Manager Pro | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | |||||
| CVE-2006-5871 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.1 MEDIUM | N/A |
| smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings. | |||||
| CVE-2007-3814 | 1 Mkportal | 1 Mkportal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors. | |||||
| CVE-2006-6794 | 1 Efkan Forum | 1 Efkan Forum | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter. | |||||
| CVE-2007-2411 | 1 Sphider | 1 Sphider | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue. | |||||