Total
29863 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5244 | 1 Opendock | 1 Easy Blog | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_read_file.php, and (5) lib_form_file.php in sw/lib_up_file; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified vectors. | ||||
| CVE-2006-5171 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Protection Suites | 2025-04-09 | N/A |
| Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172. | ||||
| CVE-2006-6185 | 1 Wabbit | 1 Wabbit Php Gallery | 2025-04-09 | N/A |
| Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to index.php. | ||||
| CVE-2006-5389 | 1 Wyana | 1 Php-wyana | 2025-04-09 | N/A |
| tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message. | ||||
| CVE-2006-5343 | 1 Oracle | 1 Database Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Database Scheduler component in Oracle Database 10.1.0.3 has unknown impact and remote authenticated attack vectors related to sys.dbms_scheduler, aka Vuln# DB19. | ||||
| CVE-2006-5156 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2025-04-09 | N/A |
| Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. | ||||
| CVE-2007-0954 | 1 Mohachat | 1 Moha Chat | 2025-04-09 | N/A |
| MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors. | ||||
| CVE-2007-2578 | 1 Acp3 | 1 Acp3 | 2025-04-09 | N/A |
| Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter. | ||||
| CVE-2007-3312 | 1 Efstratios Geroulis | 1 Jasmine Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | ||||
| CVE-2007-4435 | 1 Torrenttrader | 1 Torrenttrader | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php. | ||||
| CVE-2006-5106 | 1 Facileforms | 1 Facileforms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-5113 | 1 Yuuki Yoshizawa | 1 Exporia | 2025-04-09 | N/A |
| Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to include and execute local files via a .. (dot dot) in the lan parameter to includes.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5116 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. | ||||
| CVE-2006-5117 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. | ||||
| CVE-2006-5127 | 1 Conpresso | 1 Conpresso Cms | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php. | ||||
| CVE-2006-5128 | 1 Conpresso | 1 Conpresso Cms | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter. | ||||
| CVE-2006-5134 | 1 Hp | 1 Mercury Sitescope | 2025-04-09 | N/A |
| Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field. | ||||
| CVE-2007-1367 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. | ||||
| CVE-2007-1370 | 1 Zend | 1 Zend Platform | 2025-04-09 | N/A |
| Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities. | ||||
| CVE-2007-2412 | 1 Seir Anphin | 1 Seir Anphin | 2025-04-09 | N/A |
| Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use | ||||