Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29519 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5106 1 Facileforms 1 Facileforms 2025-04-09 5.1 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-6910 1 Fersch 1 Formbankserver 2025-04-09 7.8 HIGH N/A
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter.
CVE-2007-2105 1 Monkey Cms 1 Monkey Cms 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter.
CVE-2007-4121 1 E-commerce Solutions 3 Auction Script, Multi-vendor E-shop Script, Shopping Cart Script 2025-04-09 10.0 HIGH N/A
Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information.
CVE-2006-7063 1 Tinyphpforum 1 Tinyphpforum 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.
CVE-2006-7099 1 Solarpay 1 Solarpay 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0204 1 Phpmyadmin 1 Phpmyadmin 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-1114 1 Microsoft 1 Ie 2025-04-09 4.3 MEDIUM N/A
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
CVE-2007-2210 1 Netsprint 1 Ask Ie Toolbar 2025-04-09 7.8 HIGH N/A
A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow.
CVE-2006-5930 1 Aigaion 1 Aigaion 2025-04-09 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php.
CVE-2006-7008 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
CVE-2007-4120 1 Jelsoft 1 Vbulletin 2025-04-09 9.3 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original researcher also has a history of erroneous claims
CVE-2006-5353 1 Oracle 2 Application Server, Collaboration Suite 2025-04-09 10.0 HIGH N/A
Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewrite Module, aka Vuln# OHS01.
CVE-2007-2688 1 Cisco 2 Ios, Ips Sensor Software 2025-04-09 7.8 HIGH N/A
The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
CVE-2007-0120 1 Acunetix 1 Web Vulnerability Scanner 2025-04-09 1.9 LOW N/A
Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.
CVE-2007-2016 1 Phpmyadmin 1 Phpmyadmin 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
CVE-2007-2759 1 Adempiere 1 Adempiere 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-2531 1 Berylium 1 Berylium2 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter.
CVE-2006-6598 1 Torrentflux 2 Torrentflux, Torrentflux-b4rt 2025-04-09 6.5 MEDIUM N/A
Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328.
CVE-2006-5044 2 Joomla, Mambo 2 Prince Clan Chess Component, Prince Clan Chess Component 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.