Total: 29523 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5473 | 1 Softerra | 1 Php Developer Library | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: this issue is disputed by CVE as of 20061023, since there is no Description.php file included in the product, and the existing "Description" file contains documentation, not functioning code | |||||
CVE-2007-0620 | 1 Vlad Leont | 1 Fd Script | 2025-04-09 | 5.0 MEDIUM | N/A |
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php. | |||||
CVE-2007-1641 | 1 Portailphp | 1 Portailphp | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter. | |||||
CVE-2007-3824 | 1 Mehmet Zati Karahan | 1 Mzk Blog | 2025-04-09 | 10.0 HIGH | N/A |
SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. | |||||
CVE-2007-0309 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
CVE-2009-3005 | 1 Lunascape | 1 Lunascape | 2025-04-09 | 4.3 MEDIUM | N/A |
Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. | |||||
CVE-2007-2862 | 1 Devellion | 1 Cubecart | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification. | |||||
CVE-2007-1107 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies. | |||||
CVE-2007-0525 | 1 Grigoriadis | 1 Mini Web Server | 2025-04-09 | 7.5 HIGH | N/A |
Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors. | |||||
CVE-2006-5727 | 1 Sazcart | 1 Sazcart | 2025-04-09 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/controls/cart.php in sazcart 1.5 allows remote attackers to execute arbitrary PHP code via the (1) _saz[settings][shippingfolder] and (2) _saz[settings][taxfolder] parameters. | |||||
CVE-2006-6203 | 1 Krishan | 1 Flyspray | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2006-5157 | 1 Trend Micro | 1 Officescan | 2025-04-09 | 5.1 MEDIUM | N/A |
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search". | |||||
CVE-2007-0251 | 1 Snort | 1 Snort | 2025-04-09 | 7.8 HIGH | N/A |
Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files. | |||||
CVE-2007-0640 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 10.0 HIGH | N/A |
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." | |||||
CVE-2007-2538 | 1 Runcms | 1 Runcms | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. | |||||
CVE-2006-6690 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector. | |||||
CVE-2007-2961 | 1 Filecloset | 1 Filecloset | 2025-04-09 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. | |||||
CVE-2007-2847 | 1 Hlstats | 1 Hlstats | 2025-04-09 | 9.3 HIGH | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812. | |||||
CVE-2007-1491 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2025-04-09 | 5.2 MEDIUM | N/A |
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. | |||||
CVE-2006-5751 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request. |