Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1600 | 1 Digital Eye Gallery | 1 Digital Eye Gallery | 2025-04-09 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. | |||||
| CVE-2007-1869 | 1 Lighttpd | 1 Lighttpd | 2025-04-09 | 5.0 MEDIUM | N/A |
| lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. | |||||
| CVE-2007-3684 | 1 Masuga Design | 1 Unobtrusive Ajax Star Rating Bar | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php. | |||||
| CVE-2007-0584 | 1 G-neric | 1 Php Generic Library And Framework | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2006-6208 | 1 Enthrallweb | 1 Eclassifieds | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp. | |||||
| CVE-2007-4072 | 1 Tincan | 1 Webbler Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php. | |||||
| CVE-2007-3648 | 1 Valarsoft | 1 Webmatic | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5250 | 1 Blueshoes | 1 Blueshoes Framework | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864. | |||||
| CVE-2007-0869 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7042 | 1 Chipmunk Scripts | 1 Chipmunk Directory | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||||
| CVE-2006-6686 | 1 Textsend | 1 Textsend | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in sender.php in Carsen Klock TextSend 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. | |||||
| CVE-2007-1009 | 1 Macrovision | 1 Installanywhere | 2025-04-09 | 4.6 MEDIUM | N/A |
| Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file. | |||||
| CVE-2007-2089 | 1 Jx Development | 1 Article Component | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/. | |||||
| CVE-2007-3964 | 1 Itaka | 1 Itaka | 2025-04-09 | 5.0 MEDIUM | N/A |
| Itaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot. | |||||
| CVE-2007-3321 | 1 Avaya | 1 4602sw Ip Phone | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp). | |||||
| CVE-2007-1417 | 1 Hc Design | 1 Newssystem | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion. | |||||
| CVE-2006-6231 | 1 Vubb | 1 Vubb | 2025-04-09 | 5.0 MEDIUM | N/A |
| vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message. | |||||
| CVE-2007-4167 | 1 Al-caricatier | 1 Al-caricatier | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cat_viewed.php in AL-Caricatier 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter. | |||||
| CVE-2006-5215 | 3 Netbsd, Sun, X.org | 4 Netbsd, Solaris, Sunos and 1 more | 2025-04-09 | 2.6 LOW | N/A |
| The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. | |||||
| CVE-2006-5744 | 1 Mobilesecure Inc | 2 Highwall Endpoint, Highwall Enterprise | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator. | |||||