Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6560 1 Mxbb 1 Modsdb 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/common.php in the mx_modsdb 1.0.0 module for MxBB (aka MX-System) Portal allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2007-1129 1 Mtcms 1 Mtcms 2026-04-23 N/A
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action.
CVE-2006-6579 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-23 N/A
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
CVE-2006-6919 1 Sage-mozdev 1 Sage 2026-04-23 N/A
Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.
CVE-2007-1127 1 Watersweb Shops 1 Shop Kit Plus 2026-04-23 N/A
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.
CVE-2007-0152 1 Ohhasp 1 Ohhasp 2026-04-23 N/A
OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.
CVE-2007-1125 1 Xeroxer 1 Simple One-file Gallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.
CVE-2006-6650 1 Mxbb 1 Mxbb Charts 2026-04-23 N/A
PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2007-0148 1 Omnigroup 1 Omniweb 2026-04-23 N/A
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.
CVE-2006-7179 1 Madwifi 1 Madwifi 2026-04-23 N/A
ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change.
CVE-2006-6649 1 Hypervm 1 Hypervm 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the severity of the issue, or its existence.
CVE-2007-0082 1 Imgallery 1 Imgallery 2026-04-23 N/A
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
CVE-2006-5409 1 Mobilesecure Inc 2 Highwall Endpoint, Highwall Enterprise 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2004-2762 1 Ibm 2 Mvs, Tivoli Storage Manager 2026-04-23 N/A
The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1.
CVE-2006-6648 1 Planetluc.com 1 Rateme 2026-04-23 N/A
PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter.
CVE-2006-6568 1 Mxbb 1 Kb Mods 2026-04-23 N/A
Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter.
CVE-2007-0092 1 E-smart Cart 1 E-smart Cart 2026-04-23 N/A
SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
CVE-2007-0046 2 Adobe, Redhat 2 Acrobat Reader, Rhel Extras 2026-04-23 N/A
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
CVE-2006-6889 1 Freestyle 1 Freestyle Wiki 2026-04-23 N/A
FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat.
CVE-2006-6553 1 Mxbb 1 Mxbb Newssuite 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.