Total
29918 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5933 | 1 Ultrasite | 1 Ultrasite | 2026-04-23 | N/A |
| SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5935 | 1 Shopsystems | 1 Shopsystems | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in ShopSystems 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the sessid parameter. | ||||
| CVE-2007-1851 | 1 Really Simple Php And Ajax | 1 Really Simple Php And Ajax | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the __class parameter to (1) Controller_v4.php or (2) Controller_v5.php. | ||||
| CVE-2006-5931 | 1 Aigaion | 1 Aigaion | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5932 | 1 Kahua | 1 Kahua | 2026-04-23 | N/A |
| Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts. | ||||
| CVE-2006-5801 | 1 Owfs | 1 Owfs | 2026-04-23 | N/A |
| The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell. | ||||
| CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2006-5798 | 1 Xenis | 1 Xenis.creator Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter. | ||||
| CVE-2007-1846 | 1 Xoops | 1 Malaika System Myads Module | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341. | ||||
| CVE-2006-5781 | 1 Iodine | 1 Iodine | 2026-04-23 | N/A |
| Stack-based buffer overflow in the handshake function in iodine 0.3.2 allows remote attackers to execute arbitrary code via a crafted DNS response. | ||||
| CVE-2006-5774 | 1 Hyper Nikki System | 1 Hyper Nikki System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2007-1750 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. | ||||
| CVE-2007-4089 | 1 Vikingboard | 1 Vikingboard | 2026-04-23 | N/A |
| Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to (1) forum.php, (2) cp.php, and possibly other unspecified components. | ||||
| CVE-2007-1762 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL. | ||||
| CVE-2007-4096 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2007-4097 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications. | ||||
| CVE-2007-4098 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams. | ||||
| CVE-2007-4102 | 1 Sblog | 1 Sblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/></> sequence in the search string. | ||||
| CVE-2007-4105 | 1 Baidu | 1 Soba Search Bar | 2026-04-23 | N/A |
| A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion. | ||||
| CVE-2007-4107 | 1 Phpmyforum | 1 Phpmyforum | 2026-04-23 | N/A |
| SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||