Total
29789 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6869 | 1 Maxdev | 1 Mdforum | 2025-04-09 | N/A |
| Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | ||||
| CVE-2006-6910 | 1 Fersch | 1 Formbankserver | 2025-04-09 | N/A |
| formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. | ||||
| CVE-2007-0049 | 1 Geckovich | 2 Tasktracker, Tasktracker Pro | 2025-04-09 | N/A |
| Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. | ||||
| CVE-2007-0052 | 1 Vizayn Haber | 1 Vizayn Haber | 2025-04-09 | N/A |
| SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0093 | 1 Cms-center | 1 Simple Web Cms | 2025-04-09 | N/A |
| SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0120 | 1 Acunetix | 1 Web Vulnerability Scanner | 2025-04-09 | N/A |
| Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values. | ||||
| CVE-2007-0703 | 1 Webbuilder | 1 Webbuilder | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter. | ||||
| CVE-2009-3736 | 2 Gnu, Redhat | 2 Libtool, Enterprise Linux | 2025-04-09 | N/A |
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | ||||
| CVE-2007-3620 | 1 Maia Mailguard | 1 Maia Mailguard | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) prevlang and (2) super parameters to (a) php/login.php; the (3) charset parameter to (a) php/login.php, (b) php/internal-init.php, and (c) php/xlogin.php; the (4) lang parameter to (b) php/internal-init.php; and the (5) language parameter to (c) php/xlogin.php. | ||||
| CVE-2007-3573 | 1 Akocomment | 1 Akocomment | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421. | ||||
| CVE-2007-3108 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2025-04-09 | N/A |
| The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. | ||||
| CVE-2006-6307 | 1 Novell | 1 Client | 2025-04-09 | N/A |
| srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary. | ||||
| CVE-2007-0605 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter. | ||||
| CVE-2007-0609 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-09 | N/A |
| Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php. | ||||
| CVE-2007-2531 | 1 Berylium | 1 Berylium2 | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter. | ||||
| CVE-2007-2538 | 1 Runcms | 1 Runcms | 2025-04-09 | N/A |
| SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. | ||||
| CVE-2007-2543 | 1 Xoops | 1 Flashgames Module | 2025-04-09 | N/A |
| SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | ||||
| CVE-2007-2544 | 1 Php Toptree Bbs | 1 Php Toptree Bbs | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter. | ||||
| CVE-2007-2549 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter. | ||||
| CVE-2007-2558 | 1 Netsliver | 1 Pfa Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use | ||||