Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29523 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1989 1 Dotclear 1 Dotclear 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.
CVE-2006-6206 1 Warhound 1 Warhound General Shopping Cart 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in item.asp in WarHound General Shopping Cart allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
CVE-2007-0124 1 Drupal 1 Drupal 2025-04-09 3.5 LOW N/A
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
CVE-2006-6969 1 Jetty 1 Jetty Http Server 2025-04-09 6.8 MEDIUM N/A
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
CVE-2007-1021 1 Xfairguy 1 Codeavalanche News 2025-04-09 10.0 HIGH N/A
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.
CVE-2006-5088 1 Phpheaven 1 Phpmychat 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter.
CVE-2006-6344 1 Neocrome 1 Seditio 2025-04-09 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by CVE-2006-6177. NOTE: these issues might be related to SQL injection.
CVE-2007-2550 1 Devellion 1 Cubecart 2025-04-09 5.0 MEDIUM N/A
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
CVE-2007-0166 1 Freebsd 1 Freebsd 2025-04-09 6.6 MEDIUM N/A
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.
CVE-2007-3648 1 Valarsoft 1 Webmatic 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information.
CVE-2007-1195 1 Dxmsoft 1 Xm Easy Personal Ftp Server 2025-04-09 7.5 HIGH N/A
Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.
CVE-2007-4247 1 Microsoft 1 Windows Vista 2025-04-09 4.3 MEDIUM N/A
Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file.
CVE-2008-0001 1 Linux 1 Linux Kernel 2025-04-09 3.6 LOW N/A
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
CVE-2007-1048 1 Phpbb Wordsearch 1 Phpbb Wordsearch 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-2691 3 Canonical, Debian, Mysql 3 Ubuntu Linux, Debian Linux, Mysql 2025-04-09 4.9 MEDIUM N/A
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
CVE-2006-6290 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2025-04-09 6.5 MEDIUM N/A
Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command.
CVE-2007-3853 1 Oracle 1 Database Server 2025-04-09 6.5 MEDIUM N/A
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS.
CVE-2007-0150 1 Dayfox Designs 1 Dayfox Blog 2025-04-09 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
CVE-2009-0077 1 Microsoft 2 Forefront Threat Management Gateway, Internet Security And Acceleration Server 2025-04-09 5.0 MEDIUM N/A
The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."
CVE-2007-1858 1 Apache 1 Tomcat 2025-04-09 2.6 LOW N/A
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.