Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1828 | 1 Php121 | 1 Php121 Instant Messenger | 2017-10-19 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement. | |||||
| CVE-2006-1831 | 1 Coder-world | 1 Sysinfo | 2017-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php. | |||||
| CVE-2006-1832 | 1 Coder-world | 1 Sysinfo | 2017-10-19 | 5.0 MEDIUM | N/A |
| sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action. | |||||
| CVE-2006-1837 | 1 Clanscripte.net | 1 Fuju News | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-1838 | 1 Clanscripte.net | 1 Fuju News | 2017-10-19 | 7.5 HIGH | N/A |
| edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie. | |||||
| CVE-2006-1480 | 1 Duda | 1 Webalbum | 2017-10-19 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter. | |||||
| CVE-2006-1149 | 1 Owl | 1 Owl Intranet Engine | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use. | |||||
| CVE-2006-2134 | 1 Phpbb Group | 1 Phpbb | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2006-1784 | 1 Sphider | 1 Sphider | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. | |||||
| CVE-2006-1819 | 1 Phpwebsite | 1 Phpwebsite | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename". | |||||
| CVE-2006-1799 | 1 Adcentrix | 1 Censtore | 2017-10-19 | 7.5 HIGH | N/A |
| censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | |||||
| CVE-2006-2149 | 1 Avatic | 1 Aardvark Topsites Php | 2017-10-19 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code. | |||||
| CVE-2006-1153 | 1 D2-shoutbox | 1 D2-shoutbox | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB). | |||||
| CVE-2006-1219 | 1 Gallery Project | 1 Gallery | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. | |||||
| CVE-2006-1954 | 1 Nfec.de | 1 Rechnungszentrale | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the User field. | |||||
| CVE-2006-1955 | 1 Nfec.de | 1 Rechnungszentrale | 2017-10-19 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. | |||||
| CVE-2005-1667 | 1 Datatrac | 1 Activity Console | 2017-10-19 | 5.0 MEDIUM | N/A |
| DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. | |||||
| CVE-2005-0859 | 1 Czaries Network | 1 Czarnews | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14. | |||||
| CVE-2005-1598 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. | |||||
| CVE-2005-2327 | 1 E107 | 1 E107 | 2017-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. | |||||
| CVE-2005-0847 | 1 Code Ocean | 1 Ocean Ftp Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections. | |||||
| CVE-2005-0708 | 2 Dragonflybsd, Freebsd | 2 Dragonflybsd, Freebsd | 2017-10-12 | 10.0 HIGH | N/A |
| The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2004-0538 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-10-12 | 7.5 HIGH | N/A |
| LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user. | |||||
| CVE-2004-0539 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-10-12 | 10.0 HIGH | N/A |
| The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2002-2138 | 1 Hp | 2 Advanced Server 9000, Hp-ux | 2017-10-12 | 5.0 MEDIUM | N/A |
| RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139. | |||||
| CVE-2006-2440 | 1 Imagemagick | 1 Imagemagick | 2017-10-12 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. | |||||
| CVE-2005-4533 | 1 Scponly | 1 Scponly | 2017-10-12 | 7.5 HIGH | N/A |
| Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered. | |||||
| CVE-2001-1564 | 1 Hp | 1 Hp-ux | 2017-10-12 | 2.1 LOW | N/A |
| setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space. | |||||
| CVE-2007-3370 | 1 Kim Kyoung Min | 1 Sun Board | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php. | |||||
| CVE-2007-2813 | 1 Cisco | 1 Ios Transmission Control Protocol | 2017-10-11 | 7.8 HIGH | N/A |
| Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session. | |||||
| CVE-2007-3006 | 1 Acoustica | 1 Acoustica Mp3 Cd Burner | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected. | |||||
| CVE-2007-3098 | 1 Castle Rock Computing | 1 Snmpc | 2017-10-11 | 5.0 MEDIUM | N/A |
| The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP. | |||||
| CVE-2007-2986 | 1 Nexen | 1 Adminbot Mx | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter. | |||||
| CVE-2007-3360 | 1 Bitchx | 1 Bitchx | 2017-10-11 | 9.3 HIGH | N/A |
| hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands. | |||||
| CVE-2007-2752 | 1 Runawaysoft | 1 Haber Portal | 2017-10-11 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3358 | 1 Iptel | 1 Serweb | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter. | |||||
| CVE-2007-2989 | 1 Sun | 1 Solaris | 2017-10-11 | 7.8 HIGH | N/A |
| The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. | |||||
| CVE-2007-2662 | 1 Efestech Haber | 1 Efestech Haber | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI. | |||||
| CVE-2007-3325 | 1 Lms | 1 Lan Management System | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205. | |||||
| CVE-2007-2661 | 1 Drumster | 1 Blogme | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976. | |||||
| CVE-2007-2660 | 2 Cjg Explorer Pro, Vincent Blavet | 2 Cjg Explorer Pro, Phpconcept Library | 2017-10-11 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199. | |||||
| CVE-2007-2990 | 1 Sun | 1 Solaris | 2017-10-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file. | |||||
| CVE-2007-2824 | 1 Alstrasoft | 1 E-friends | 2017-10-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. | |||||
| CVE-2007-2642 | 1 R2k | 1 R2k Gallery | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter. | |||||
| CVE-2007-2659 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action. | |||||
| CVE-2007-2050 | 1 Ricargbook | 1 Ricargbook | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter. | |||||
| CVE-2007-2643 | 1 Pinkcrow Designs | 1 Designs Gallery Magazin | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | |||||
| CVE-2007-2656 | 1 Hp | 1 Hpqvwocx.dll | 2017-10-11 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method. | |||||
| CVE-2007-2644 | 1 Morovia | 1 Barcode Activex Control | 2017-10-11 | 9.4 HIGH | N/A |
| A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename. | |||||
| CVE-2007-2717 | 1 Igeneric | 1 Ig Shop | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. | |||||