Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29523 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5475 1 Drupal 1 Drupal 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
CVE-2007-4354 1 Ibm 1 Aix 2025-04-09 7.2 HIGH N/A
Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
CVE-2006-7190 1 Web-app.net 1 Webapp 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc.
CVE-2007-1712 1 Active Web Softwares 1 Active Auction House 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-2245 1 Phpmyadmin 1 Phpmyadmin 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.
CVE-2006-5412 1 Php Outburst 1 Easynews 2025-04-09 5.1 MEDIUM N/A
admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter.
CVE-2006-6534 1 Oscommerce 1 Oscommerce 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php.
CVE-2007-0121 1 Michael Romedahl 1 Ri Blog 2025-04-09 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-5161 1 Ibm 1 Client Security Password Manager 2025-04-09 6.4 MEDIUM N/A
IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.
CVE-2006-5468 1 Wireshark 1 Wireshark 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
CVE-2008-5344 1 Sun 3 Jdk, Jre, Sdk 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.
CVE-2006-6667 1 Verliadmin 1 Verliadmin 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3868 1 Oracle 1 Peoplesoft Enterprise 2025-04-09 6.5 MEDIUM N/A
Multiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSoft Enterprise 8.22.15, 8.47.13, 8.48.10, and 8.49.02 allows remote authenticated users or attackers to have an unknown impact via multiple vectors, aka (1) PSE01, (2) PSE02, and (3) PSE03.
CVE-2007-4302 1 Freshmeat 1 Generic Software Wrappers Toolkit 2025-04-09 6.2 MEDIUM N/A
Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing.
CVE-2006-6626 1 Moodle 1 Moodle 2025-04-09 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941.
CVE-2007-0721 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 6.8 MEDIUM N/A
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.
CVE-2007-3134 1 Atom 1 Photoblog 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments."
CVE-2007-3659 1 Freewrl 1 Freewrl 2025-04-09 4.6 MEDIUM N/A
Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allows local users to execute arbitrary code via a crafted BROWSER environment variable. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2006-6336 1 Eudora 1 Worldmail Management Server 2025-04-09 10.0 HIGH N/A
Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters.
CVE-2006-6018 1 Jim Plush 1 My-bic 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089. NOTE: this issue is disputed by CVE and third party researchers because INC_PATH is a constant