Total
29942 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2151 | 1 Mcafee | 1 E-business Server | 2026-04-23 | N/A |
| The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read. | ||||
| CVE-2007-2150 | 1 Bluearc | 1 Titan | 2026-04-23 | N/A |
| BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | ||||
| CVE-2007-2140 | 1 Franklin Huang | 1 Flip-search-add-on | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | ||||
| CVE-2007-1710 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence. | ||||
| CVE-2007-1462 | 2 Conga, Redhat | 3 Conga, Linux, Rhel Cluster | 2026-04-23 | N/A |
| The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible. | ||||
| CVE-2009-0217 | 4 Ibm, Mono Project, Oracle and 1 more | 9 Websphere Application Server, Mono, Application Server and 6 more | 2026-04-23 | N/A |
| The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. | ||||
| CVE-2007-0514 | 1 Hitachi | 19 Cosminexus Application Server, Cosminexus Application Server Version 5, Cosminexus Developer Light Version 6 and 16 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. | ||||
| CVE-2006-5911 | 1 Campware.org | 1 Campsite | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/. | ||||
| CVE-2006-5020 | 1 Solidstate | 1 Solidstate | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php. | ||||
| CVE-2009-3563 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2026-04-23 | N/A |
| ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. | ||||
| CVE-2006-7005 | 1 Php Script Tools | 1 Psy Auction | 2026-04-23 | N/A |
| SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5976 | 1 Drumster | 1 Blogme | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5954 | 1 Netvios | 1 Netvios | 2026-04-23 | N/A |
| SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. | ||||
| CVE-2006-5949 | 1 Altools | 1 Alftp Ftp Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5947 | 1 Conxint | 1 Conxint Ftp Server | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5946 | 1 Funkyasp | 1 Glossary | 2026-04-23 | N/A |
| SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter. | ||||
| CVE-2006-5919 | 1 Activecampaign | 1 Knowledgebuilder | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the visEdit_root parameter, a different vector than CVE-2003-1131. | ||||
| CVE-2006-5914 | 1 Samedia | 1 Landshop | 2026-04-23 | N/A |
| SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018. | ||||
| CVE-2006-5607 | 1 Inca | 1 Im-204 Adsl Router | 2026-04-23 | N/A |
| Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via a "/./." (modified dot dot) sequences in the getpage parameter. | ||||
| CVE-2006-5597 | 1 Minihttp | 1 Web Forum File Sharing Sever Powerpack | 2026-04-23 | N/A |
| join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters. | ||||