Total
29519 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6342 | 1 Klf-design | 1 Klf-realty | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp. | |||||
| CVE-2006-5477 | 1 Drupal | 1 Drupal | 2025-04-09 | 2.6 LOW | N/A |
| Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. | |||||
| CVE-2006-4807 | 1 Enlightenment | 1 Imlib2 | 2025-04-09 | 2.6 LOW | N/A |
| loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808. | |||||
| CVE-2008-6830 | 1 Citrix | 1 Web Interface | 2025-04-09 | 4.0 MEDIUM | N/A |
| The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface. | |||||
| CVE-2007-2228 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
| rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak. | |||||
| CVE-2007-2067 | 1 Webslider | 1 Webslider | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php. | |||||
| CVE-2006-5455 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 2.6 LOW | N/A |
| Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. | |||||
| CVE-2006-6302 | 1 Fail2ban | 1 Fail2ban | 2025-04-09 | 5.0 MEDIUM | N/A |
| fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address. | |||||
| CVE-2009-3808 | 1 Kramware | 1 Mixsense Dj Studio | 2025-04-09 | 9.3 HIGH | N/A |
| MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file. | |||||
| CVE-2006-6346 | 1 Sap | 1 Internet Graphics Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134. | |||||
| CVE-2007-4085 | 1 Alstrasoft | 1 Askme Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php. | |||||
| CVE-2007-3358 | 1 Iptel | 1 Serweb | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter. | |||||
| CVE-2008-5360 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 6.4 MEDIUM | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. | |||||
| CVE-2007-3575 | 1 Freedomain.co.nr | 1 Clone | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php. | |||||
| CVE-2006-7022 | 1 Fx-app | 1 Fx-app | 2025-04-09 | 10.0 HIGH | N/A |
| The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe. | |||||
| CVE-2007-4239 | 1 C-sam | 1 Onewallet | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter. | |||||
| CVE-2007-0081 | 1 Sunbelt | 1 Sunbelt Kerio Personal Firewall | 2025-04-09 | 6.8 MEDIUM | N/A |
| Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory. | |||||
| CVE-2007-3060 | 1 Osi Codes Inc. | 1 Phplive | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769. | |||||
| CVE-2007-0573 | 1 Nsgalphp | 1 Nsgalphp | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter. | |||||
| CVE-2007-3175 | 1 W2b | 1 Online Banking | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b. | |||||