Total
29866 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4260 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2025-04-09 | N/A |
| EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username. | ||||
| CVE-2006-5095 | 1 Myphotos | 1 Myphotos | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions | ||||
| CVE-2007-4262 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/. | ||||
| CVE-2007-4263 | 1 Cisco | 1 Ios | 2025-04-09 | N/A |
| Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. | ||||
| CVE-2007-4264 | 1 Kai Blankenhorn Bitfolge | 1 Simple And Nice Index File | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters. | ||||
| CVE-2007-4265 | 1 Visionera Ab | 1 Visionproject | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do. | ||||
| CVE-2007-4270 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | N/A |
| Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files. | ||||
| CVE-2006-5105 | 1 Forum One | 1 Syntaxcms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php. NOTE: the 0004_init_urls.php vector is already covered by CVE-2006-5055. | ||||
| CVE-2006-5107 | 1 Devellion | 1 Cubecart | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php. | ||||
| CVE-2006-5110 | 1 Php Invoice | 1 Php Invoice | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-4294 | 1 Cisco | 2 Ios, Unified Communications Manager | 2025-04-09 | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. | ||||
| CVE-2007-4297 | 1 Aspindir | 1 Dersimiz Haber Ekleme Modulu | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4301 | 1 Webcart | 1 Webcart | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-7135 | 1 Php Poll Creator | 1 Php Poll Creator | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4308 | 3 Adaptec, Linux, Redhat | 3 Aacraid Controller, Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. | ||||
| CVE-2007-4310 | 1 Sun | 1 Sunos | 2025-04-09 | N/A |
| The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503. | ||||
| CVE-2007-4313 | 1 Php Blue Dragon | 1 Php Blue Dragon Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958. | ||||
| CVE-2007-4317 | 1 Zyxel | 2 Zynos, Zywall 2 | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters. | ||||
| CVE-2007-4318 | 1 Zyxel | 2 Zynos, Zywall 2 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter. | ||||
| CVE-2006-5133 | 1 Steve Poulsen | 1 Guildftpd | 2025-04-09 | N/A |
| Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars." | ||||