Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6354 | 1 Duware | 11 Duamazon, Duarticle, Duclassified and 8 more | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976. | |||||
| CVE-2007-0631 | 1 Eclectic Designs | 1 Cascadianfaq | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-6675 | 1 Novell | 2 Apache Http Server, Netware | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. | |||||
| CVE-2007-0211 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-09 | 7.2 HIGH | N/A |
| The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware." | |||||
| CVE-2007-0866 | 1 Hp | 1 Openview Storage Data Protector | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2007-2491 | 1 Vmware | 2 Server, Workstation | 2025-04-09 | 7.2 HIGH | N/A |
| The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337. | |||||
| CVE-2006-7156 | 1 Minibb | 1 Keyword Replacer | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. | |||||
| CVE-2007-1221 | 1 Microsoft | 1 Xbox 360 | 2025-04-09 | 7.2 HIGH | N/A |
| The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. | |||||
| CVE-2006-5130 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-1689 | 1 Symantec | 2 Norton Internet Security, Norton Personal Firewall | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions. | |||||
| CVE-2007-2532 | 1 Obie Website | 1 Mini Web Shop | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734. | |||||
| CVE-2006-6588 | 1 Apache | 1 Ofbiz | 2025-04-09 | 7.5 HIGH | N/A |
| The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact. | |||||
| CVE-2007-3576 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar. | |||||
| CVE-2007-3498 | 1 Htmlpurifier | 1 Htmlpurifier | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output." | |||||
| CVE-2006-7107 | 1 Coalescent Systems | 1 Freepbx | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter. | |||||
| CVE-2007-3164 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 5.8 MEDIUM | N/A |
| Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar. | |||||
| CVE-2006-5022 | 1 Pnews Systems | 1 Pnews | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/global.php in Joshua Wilson pNews System 1.1.0 (aka PowerNews) allows remote attackers to execute arbitrary PHP code via a URL in the nbs parameter. | |||||
| CVE-2007-1540 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated. | |||||
| CVE-2007-1445 | 1 Betaparticle | 1 Betaparticle Blog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter. | |||||
| CVE-2007-0195 | 1 F5 | 1 Firepass | 2025-04-09 | 5.0 MEDIUM | N/A |
| my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account. | |||||