Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3557 | 1 Wheatblog | 1 Wheatblog | 2025-04-09 | N/A |
| SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. | ||||
| CVE-2007-3568 | 1 Imlib | 1 Imlib | 2025-04-09 | N/A |
| The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. | ||||
| CVE-2007-0377 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors. | ||||
| CVE-2006-5234 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable | ||||
| CVE-2007-3580 | 1 Phpids | 1 Phpids | 2025-04-09 | N/A |
| PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script. | ||||
| CVE-2006-5255 | 1 Greg Neustaetter | 1 Gcards | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in addnews.php in Greg Neustaetter gCards 1.13 allows remote attackers to execute arbitrary PHP code via a URL in the languagefile parameter. NOTE: another researcher has observed that languageFile is defined before use. CVE analysis as of 20061012 concurs with the dispute | ||||
| CVE-2007-3585 | 1 Mycms | 1 Mycms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | ||||
| CVE-2007-3588 | 1 Vbzoom | 1 Vbzoom | 2025-04-09 | N/A |
| SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4. | ||||
| CVE-2007-3589 | 1 B1g | 1 B1gbb | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php. | ||||
| CVE-2007-1111 | 1 Activecalendar | 1 Activecalendar | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/. | ||||
| CVE-2007-3603 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | N/A |
| SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. | ||||
| CVE-2006-6556 | 1 Eyeos | 1 Eyeos | 2025-04-09 | N/A |
| The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation. | ||||
| CVE-2007-3606 | 1 Sap | 1 Enjoysap | 2025-04-09 | N/A |
| Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. | ||||
| CVE-2006-5928 | 1 Phpjobscheduler | 1 Phpjobscheduler | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter to (1) add-modify.php, (2) delete.php, (3) modify.php, and (4) phpjobscheduler.php. | ||||
| CVE-2007-3612 | 1 Visual Irc | 1 Visual Irc | 2025-04-09 | N/A |
| Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. | ||||
| CVE-2006-5160 | 1 Mozilla | 1 Firefox | 2025-04-09 | 8.1 High |
| Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. | ||||
| CVE-2006-6165 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-09 | 7.8 High |
| ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment | ||||
| CVE-2006-5948 | 1 Ringsworld | 1 Phppeanuts | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. | ||||
| CVE-2006-5828 | 1 Deltascripts | 1 Php Classifieds | 2025-04-09 | N/A |
| SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | ||||
| CVE-2006-5835 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | N/A |
| The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. | ||||