ReportizFlow
Filtered by vendor
Subscriptions
Total
29894 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5643 | 1 Foresite Cms | 1 Foresite Cms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2006-6616 | 1 W00t Gallery | 1 W00t Gallery | 2025-04-09 | N/A |
| index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5443 | 1 Xiao Gang | 1 Www Interactive Mathematics Server | 2025-04-09 | N/A |
| Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights." | ||||
| CVE-2008-7106 | 1 Sophos | 1 Puremessage For Microsoft Exchange | 2025-04-09 | N/A |
| The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay). | ||||
| CVE-2006-5249 | 1 Tagit | 1 Tagboard | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter. | ||||
| CVE-2006-5259 | 1 Compteur | 1 Compteur | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in param_editor.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the folder parameter. | ||||
| CVE-2006-5138 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-09 | N/A |
| Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message. | ||||
| CVE-2006-5047 | 1 Joomla | 1 Rs Gallery2 | 2025-04-09 | N/A |
| Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code. | ||||
| CVE-2006-5026 | 1 Paisterist | 1 Simple Http Scanner | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.3 have unknown impact and attack vectors. | ||||
| CVE-2006-5025 | 1 Paisterist | 1 Simple Http Scanner | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack vectors. | ||||
| CVE-2008-6530 | 1 Ezonescripts | 1 Living Local | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | ||||
| CVE-2007-4171 | 1 Auracms | 1 Modul Forum Sederhana | 2025-04-09 | N/A |
| SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4166 | 1 Wordpress | 2 Unamed Theme, Unamed Theme Se | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5130 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-4235 | 1 Vietphp | 1 Vietphp | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php. | ||||
| CVE-2007-4164 | 1 Sun | 1 Java System Web Server | 2025-04-09 | N/A |
| CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. | ||||
| CVE-2006-4685 | 1 Microsoft | 2 Xml Core Services, Xml Parser | 2025-04-09 | N/A |
| The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. | ||||
| CVE-2007-4256 | 1 Ynp | 1 Portal Systems | 2025-04-09 | N/A |
| Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. | ||||
| CVE-2007-4265 | 1 Visionera Ab | 1 Visionproject | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do. | ||||
| CVE-2007-4658 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | ||||