Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7183 1 Photography-on-the-net 1 Exhibit Engine 2 2026-04-23 N/A
PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2006-6833 1 Joomla 1 Joomla 2026-04-23 N/A
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.
CVE-2006-5237 1 Blue Smiley Organizer 1 Blue Smiley Organizer 2026-04-23 N/A
SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-5891 1 Superfreaker Studios 1 Ustore 2026-04-23 N/A
SQL injection vulnerability in detail.asp in Superfreaker Studios UStore 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2007-1095 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
CVE-2007-3783 1 Envivosoft 1 Envivo Cms 2026-04-23 N/A
SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413.4.
CVE-2006-5240 1 Docmint 1 Docmint Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.
CVE-2006-7184 1 Photography-on-the-net 1 Exhibit Engine 2 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3784 1 Belkin 1 F5d7231-4 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client.
CVE-2007-1294 1 Divx 1 Divx Web Player 2026-04-23 N/A
A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.
CVE-2007-2256 1 Tjschat 1 Tjschat 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-3786 1 Esoft 1 Instagate Ex2 Utm 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer
CVE-2008-1619 2 Redhat, Xensource Inc 2 Enterprise Linux, Xen 2026-04-23 N/A
The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.
CVE-2006-7191 1 Ldap Account Manager 1 Ldap Account Manager 2026-04-23 N/A
Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.
CVE-2007-3787 1 Esoft 1 Instagate Ex2 Utm 2026-04-23 N/A
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.
CVE-2006-5245 1 Eazy Cart 1 Eazy Cart 2026-04-23 N/A
Eazy Cart allows remote attackers to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/.
CVE-2007-1100 1 Pickle 1 Pickle 2026-04-23 N/A
Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-1102 1 Photostand 1 Photostand 2026-04-23 N/A
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.
CVE-2007-2257 1 Fully Modded Phpbb 1 Fully Modded Phpbb2 2026-04-23 N/A
PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-3788 1 Esoft 1 Instagate Ex2 Utm 2026-04-23 N/A
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document.