Total: 29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5441 | 1 Comdev | 1 Comdev Web Blogger | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2008-5913 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 4.9 MEDIUM | N/A |
| The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." | |||||
| CVE-2007-4061 | 1 Nessus | 1 Vulnerability Scanner | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-6987 | 1 Ezonescripts | 1 Dating Website Script | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote attackers to execute arbitrary code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2077 | 1 Maian | 1 Search | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem." | |||||
| CVE-2007-4112 | 1 Advanced Webhost Billing System | 1 Advanced Webhost Billing System | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation." | |||||
| CVE-2007-0171 | 1 Allmylinks Project | 1 Allmylinks | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter. | |||||
| CVE-2006-5946 | 1 Funkyasp | 1 Glossary | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter. | |||||
| CVE-2007-0053 | 1 Asp Siteware | 1 Autodealer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. | |||||
| CVE-2008-1687 | 1 Gnu | 1 M4 | 2025-04-09 | 7.5 HIGH | N/A |
| The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. | |||||
| CVE-2008-0470 | 2 Comodo, Microsoft | 2 Comodo Antivirus, Activex | 2025-04-09 | 9.3 HIGH | N/A |
| A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method. | |||||
| CVE-2006-6219 | 1 Dev4u | 1 Dev4u Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in dev4u CMS allow remote attackers to inject arbitrary web script or HTML via the (1) user_name, (2) passwort, and (3) go_target parameters. | |||||
| CVE-2007-2493 | 1 Mxbb | 2 Mxbb Faq, Mxbb Rules | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-6901 | 1 Microsoft | 1 Windows 2003 Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | |||||
| CVE-2007-4084 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php. | |||||
| CVE-2007-0066 | 1 Microsoft | 6 Home Server, Small Business Server, Windows 2000 and 3 more | 2025-04-09 | 7.1 HIGH | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability." | |||||
| CVE-2007-0576 | 1 Xt-stats | 1 Xt-stats | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter. | |||||
| CVE-2007-3859 | 1 Oracle | 3 Application Server, Collaboration Suite, Database Server | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01. | |||||
| CVE-2006-5668 | 1 Ampache | 1 Ampache | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access. | |||||
| CVE-2007-1656 | 1 Katalog Plyt Audio | 1 Katalog Plyt Audio | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Audio 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fraza and (2) litera parameters, different vectors than CVE-2007-1612. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
