Total
29737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3196 | 1 Jelsoft | 1 Vbsupport Integrated Ticket System | 2025-04-09 | N/A |
| SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. | ||||
| CVE-2006-6069 | 1 Malbum | 1 Malbum | 2025-04-09 | N/A |
| index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter. | ||||
| CVE-2006-6068 | 1 Malbum | 1 Malbum | 2025-04-09 | N/A |
| Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php. | ||||
| CVE-2007-3192 | 1 Jffnms | 1 Just For Fun Network Management System | 2025-04-09 | N/A |
| admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request. | ||||
| CVE-2007-3318 | 1 Avaya | 1 One-x | 2025-04-09 | N/A |
| Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message. | ||||
| CVE-2006-6066 | 1 Dragon Internet | 1 Events Listing | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp. | ||||
| CVE-2007-3315 | 1 Yourfreescreamer | 1 Yourfreescreamer | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter to bodyTemplate.php in (1) templates/Classic/, (2) templates/Classic Guestbook/, (3) templates/DarkNights/, and (4) templates/Simplistic/, different vectors than CVE-2007-3271. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6064 | 1 Fuzzball Muck | 1 Fuzzball Muck | 2025-04-09 | N/A |
| Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages. | ||||
| CVE-2007-3188 | 1 Geometrix Download Portal | 1 Geometrix Download Portal | 2025-04-09 | N/A |
| SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3312 | 1 Efstratios Geroulis | 1 Jasmine Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | ||||
| CVE-2007-3310 | 1 Tdizin | 1 Tdizin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6057 | 1 Linux | 1 Linux Kernel | 2025-04-09 | N/A |
| The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function. | ||||
| CVE-2007-0704 | 1 Somery | 1 Somery | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation. | ||||
| CVE-2006-6056 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image. | ||||
| CVE-2006-6052 | 1 Netepi Case Manager | 1 Netepi Case Manager | 2025-04-09 | N/A |
| NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2007-3308 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | N/A |
| Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack. | ||||
| CVE-2006-6045 | 1 Comdev | 1 Comdev One Admin Pro | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php. | ||||
| CVE-2006-6043 | 1 Oliver | 1 Oliver | 2025-04-09 | N/A |
| PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function. | ||||
| CVE-2006-6040 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action. | ||||
| CVE-2007-3307 | 1 Solar Empire | 1 Solar Empire | 2025-04-09 | N/A |
| SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | ||||