Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1675 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | N/A |
| Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. | ||||
| CVE-2007-1680 | 1 Yahoo | 1 Messenger | 2025-04-09 | N/A |
| Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties. | ||||
| CVE-2006-6007 | 1 Webevents | 1 Online Event Registration | 2025-04-09 | N/A |
| save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter. | ||||
| CVE-2006-6011 | 1 Sap | 1 Sap Web Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. | ||||
| CVE-2006-6012 | 1 Mginternet | 1 Car Site Manager | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6021 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2025-04-09 | N/A |
| SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | ||||
| CVE-2007-0860 | 1 Laboratory For Optical And Computational Instrumentation | 1 Local Calendar System | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php, (h) resetpassword.php, (i) signup.php, showmonth.php, (j) showday.php, showevents.php, and lookup_userid.php. NOTE: this issue has been disputed by a third party, who states that the associated variables are set in config.php before use | ||||
| CVE-2006-6029 | 1 Property Pro | 1 Property Pro | 2025-04-09 | N/A |
| SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field. | ||||
| CVE-2007-1698 | 1 Philex | 1 Philex | 2025-04-09 | N/A |
| download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. | ||||
| CVE-2007-0861 | 1 Phpcoin | 1 Phpcoin | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached | ||||
| CVE-2006-6030 | 1 Futuretec | 1 E-calendar Pro | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0869 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1703 | 1 Joomla | 1 Rwcards Component | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | ||||
| CVE-2007-2461 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix | 2025-04-09 | N/A |
| The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used. | ||||
| CVE-2006-6032 | 1 Sphpblog | 1 Sphpblog | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. NOTE: this has been reported to affect 0.8, but as of 20061121, the most recent version is only 0.4.9. | ||||
| CVE-2007-1705 | 1 Active Trade | 1 Active Trade | 2025-04-09 | N/A |
| SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-2462 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix | 2025-04-09 | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors. | ||||
| CVE-2006-7122 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter. | ||||
| CVE-2007-2688 | 1 Cisco | 2 Ios, Ips Sensor Software | 2025-04-09 | N/A |
| The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | ||||
| CVE-2006-7128 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter. | ||||