Total
29914 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1556 | 1 Thecreativeheads.de | 1 Creative Files | 2026-04-23 | N/A |
| SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter. | ||||
| CVE-2006-5929 | 1 Phpjobscheduler | 1 Phpjobscheduler | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2007-1566 | 1 Netvios | 1 Netvios | 2026-04-23 | N/A |
| SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954. | ||||
| CVE-2006-5930 | 1 Aigaion | 1 Aigaion | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php. | ||||
| CVE-2006-5934 | 1 Iexpress | 1 Estate Agent Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field. | ||||
| CVE-2007-1575 | 1 Phprojekt | 1 Phprojekt | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out. | ||||
| CVE-2007-1585 | 1 Linksys | 2 Wag200g, Wrt54gc | 2026-04-23 | N/A |
| The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3557 | 1 Wheatblog | 1 Wheatblog | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. | ||||
| CVE-2006-5945 | 1 Mginternet | 1 Car Site Manager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp. | ||||
| CVE-2007-0562 | 1 Microsoft | 1 Windows Explorer | 2026-04-23 | N/A |
| Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file. | ||||
| CVE-2006-5950 | 1 Altools | 1 Alftp Ftp Server | 2026-04-23 | N/A |
| Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5953 | 1 Lynx Internet Solutions | 1 Evolve Merchant | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter. | ||||
| CVE-2006-5955 | 1 20 20 Applications | 1 20 20 Datashed | 2026-04-23 | N/A |
| SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5956 | 1 Xlinesoft | 1 Phprunner | 2026-04-23 | N/A |
| XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2006-5959 | 1 Web Inhabit | 1 A\+ Store E-commerce | 2026-04-23 | N/A |
| SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter. | ||||
| CVE-2006-5960 | 1 Web Inhabit | 1 A\+ Store E-commerce | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters. NOTE: portions of these details are obtained from third party information. | ||||
| CVE-2007-0637 | 1 Galeria Zdjec | 1 Galeria Zdjec | 2026-04-23 | N/A |
| Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php. | ||||
| CVE-2007-0645 | 1 Apple | 1 Iphoto | 2026-04-23 | N/A |
| Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions. | ||||
| CVE-2006-5964 | 1 Pentaware | 2 Pentasuite-pro, Pentazip | 2026-04-23 | N/A |
| choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users, and user-assisted remote attackers to cause a denial of service (system crash) by right clicking on a file with a long filename. | ||||
| CVE-2006-5967 | 1 Panda | 1 Activescan | 2026-04-23 | N/A |
| Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe. | ||||