Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6509 | 1 Sitekiosk | 1 Sitekiosk | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser. | ||||
| CVE-2007-3358 | 1 Iptel | 1 Serweb | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter. | ||||
| CVE-2007-3360 | 1 Bitchx | 1 Bitchx | 2025-04-09 | N/A |
| hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands. | ||||
| CVE-2007-3363 | 1 Ageet | 1 Agephone | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets. | ||||
| CVE-2007-3376 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2025-04-09 | N/A |
| Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. | ||||
| CVE-2006-6510 | 1 Sitekiosk | 1 Sitekiosk | 2025-04-09 | N/A |
| An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions. | ||||
| CVE-2007-3384 | 1 Apache | 1 Tomcat | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages. | ||||
| CVE-2006-6511 | 1 Dadaimc | 1 Dadaimc | 2025-04-09 | N/A |
| dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php). | ||||
| CVE-2007-3388 | 2 Redhat, Trolltech | 2 Enterprise Linux, Qt | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. | ||||
| CVE-2007-3012 | 1 Fujitsu | 1 Primergy Bx300 | 2025-04-09 | N/A |
| The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm. | ||||
| CVE-2006-6382 | 1 Positive Software | 1 H-sphere | 2025-04-09 | N/A |
| The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3003 | 1 Mywebland | 1 Mybloggie | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225. | ||||
| CVE-2007-2999 | 1 Microsoft | 1 Windows 2003 Server | 2025-04-09 | N/A |
| Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names. | ||||
| CVE-2007-2996 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl." | ||||
| CVE-2007-2995 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. | ||||
| CVE-2007-2994 | 1 Dian Gemilang | 1 Dgnews | 2025-04-09 | N/A |
| SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693. | ||||
| CVE-2007-2993 | 1 Omegasoft | 1 Interneserviceslosungen | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields. | ||||
| CVE-2006-6526 | 1 Gizzar | 1 Gizzar | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | ||||
| CVE-2007-2483 | 1 Ruben Boelinger | 1 Wp-table | 2025-04-09 | N/A |
| Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the wpPATH parameter. | ||||
| CVE-2007-2499 | 1 Globalmegacorp | 1 Dvddb | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php. | ||||