Total
29519 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0402 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2007-2305 | 1 Qdblog | 1 Qdblog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2006-5918 | 1 Php Rapid Kill | 1 Php Rapid Kill | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites. | |||||
| CVE-2007-3942 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use | |||||
| CVE-2006-6380 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2007-4072 | 1 Tincan | 1 Webbler Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php. | |||||
| CVE-2009-1286 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 5.0 MEDIUM | N/A |
| The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities. | |||||
| CVE-2007-3577 | 1 Phpids | 1 Phpids | 2025-04-09 | 4.3 MEDIUM | N/A |
| PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script. | |||||
| CVE-2007-0509 | 1 Maklerplus | 1 Maklerplus | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages. | |||||
| CVE-2007-2257 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb2 | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-4108 | 1 Codewidgets | 1 Online Event Registration Template | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2006-5888 | 1 Superfreaker Studios | 1 Upublisher | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2007-3073 | 3 Apple, Mozilla, Unix | 3 Mac Os X, Firefox, Unix | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. | |||||
| CVE-2007-4084 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php. | |||||
| CVE-2007-1458 | 1 Care2x | 1 Care2x | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files. | |||||
| CVE-2007-4159 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 5.0 MEDIUM | N/A |
| index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request. | |||||
| CVE-2006-7123 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php. | |||||
| CVE-2007-3084 | 1 Comdev | 1 Comdev Web Blogger | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441. | |||||
| CVE-2007-4378 | 1 Rndlabs | 1 Babo Violent | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login. | |||||
| CVE-2007-2058 | 1 Picozip | 1 Picozip | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive. | |||||