Total
266093 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6105 | 1 Talkback | 1 Talkback | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php. | |||||
| CVE-2007-3178 | 1 Zindizayn Okul Web Sistemi | 1 Zindizayn Okul Web Sistemi | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp. | |||||
| CVE-2007-6354 | 1 Aertherwide | 1 Exiftags | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6355. | |||||
| CVE-2008-0921 | 1 Becontent | 1 Becontent | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0646 | 1 Apple | 3 Imovie, Mac Os X, Safari | 2024-02-28 | 7.1 HIGH | N/A |
| Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. | |||||
| CVE-2006-5091 | 1 Hp | 1 Hp-ux | 2024-02-28 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors. | |||||
| CVE-2006-5099 | 1 Andreas Gohr | 1 Dokuwiki | 2024-02-28 | 7.5 HIGH | N/A |
| lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert. | |||||
| CVE-2007-3285 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-02-28 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. | |||||
| CVE-2006-5497 | 1 Middlebury College | 1 Segue Cms | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter. | |||||
| CVE-2006-5324 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 7.5 HIGH | N/A |
| The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. | |||||
| CVE-2007-4168 | 2024-02-28 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4168. Reason: This candidate is a duplicate of CVE-2006-4168. It was inadvertently used in a vendor advisory when the "2006" year was intended. Notes: All CVE users should reference CVE-2006-4168 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
| CVE-2007-6272 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component. | |||||
| CVE-2006-5676 | 1 Uni-vert | 1 Phpleague | 2024-02-28 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter. | |||||
| CVE-2007-2920 | 1 Zoomify | 1 Zoomify Viewer Activex Control | 2024-02-28 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-6175 | 1 Horde | 1 Kronolith | 2024-02-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter. | |||||
| CVE-2007-3160 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter. | |||||
| CVE-2006-6407 | 1 F-prot | 1 F-prot Antivirus | 2024-02-28 | 5.0 MEDIUM | N/A |
| F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | |||||
| CVE-2006-6276 | 1 Sun | 4 Java System Application Server, Java System Web Proxy Server, Java System Web Server and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
| HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors. | |||||
| CVE-2007-2843 | 1 Apple | 1 Safari | 2024-02-28 | 10.0 HIGH | N/A |
| Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. | |||||
| CVE-2007-0848 | 1 Maian Recipe | 1 Maian Recipe | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | |||||