Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0925 1 Communityserver.org 1 Community Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2007-1616 1 Scriptmagix 1 Scriptmagix Lyrics 2026-04-23 N/A
SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter.
CVE-2007-4317 1 Zyxel 2 Zynos, Zywall 2 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters.
CVE-2006-5201 1 Sun 9 Jdk, Jre, Jsse and 6 more 2026-04-23 N/A
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.
CVE-2007-0970 1 Webtester 1 Webtester 2026-04-23 N/A
Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.
CVE-2007-1428 1 Php Labs 1 Jobsitepro 2026-04-23 N/A
SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter.
CVE-2006-6286 1 Palm 1 Palm Desktop 2026-04-23 N/A
Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6467 1 Xerox 1 Workcentre 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1) visibility of the SMB "Homes" share and (2) SMB file system browsing.
CVE-2007-0705 1 Fenrir 2 Portable Sleipnir, Sleipnir 2026-04-23 N/A
Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.
CVE-2006-6379 1 Broadcom 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Server Protection Suite 2026-04-23 N/A
Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-1086 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 Universal Database and 3 more 2026-04-23 N/A
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."
CVE-2007-4127 1 Le Ralf 1 Ralf Image Gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in check_entry.php in Ralf Image Gallery (RIG), aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir_abs_src parameter. NOTE: this issue is disputed by multiple third parties, who report that the product exits if register_globals is enabled, thereby blocking exploitation. NOTE: CVE-2006-3210.a covers this issue in versions before 1.0
CVE-2006-6218 1 Dev4u 1 Dev4u Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters.
CVE-2006-6030 1 Futuretec 1 E-calendar Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp. NOTE: some of these details are obtained from third party information.
CVE-2006-6072 1 Bpg-infotech 2 Easy Publisher, Smart Publisher Pro 2026-04-23 N/A
SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-0495 1 Phpsherpa 1 Phpsherpa 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
CVE-2006-6029 1 Property Pro 1 Property Pro 2026-04-23 N/A
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
CVE-2006-5931 1 Aigaion 1 Aigaion 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5927 1 Asp Scripter 2 Easy Portal, Live Support 2026-04-23 N/A
SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-0418 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.