Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5826 1 Texas Imperial Software 1 Wftpd 2026-04-23 N/A
Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.
CVE-2007-0345 1 Apple 1 Mac Os X 2026-04-23 N/A
The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.
CVE-2007-3097 1 F5 1 Firepass 4100 2026-04-23 N/A
my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter.
CVE-2007-3096 1 Pblang 1 Pblang 2026-04-23 N/A
Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2007-3095 1 Symantec 3 Client Security, Norton Antivirus, Reporting Server 2026-04-23 N/A
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.
CVE-2007-1008 1 Apple 1 Itunes 2026-04-23 N/A
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
CVE-2006-5854 1 Novell 1 Netware Client 2026-04-23 N/A
Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.
CVE-2007-3094 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
CVE-2007-3093 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.
CVE-2007-1180 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.
CVE-2007-1011 1 Vs-gastebuch 1 Vs-gastebuch 2026-04-23 N/A
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.
CVE-2007-0369 1 Phpbp 1 Phpbp 2026-04-23 N/A
SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.
CVE-2006-5861 1 Citrix 2 Metaframe, Metaframe Presentation Server 2026-04-23 N/A
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception.
CVE-2007-3059 1 Sendcard 1 Sendcard 2026-04-23 N/A
SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message.
CVE-2007-3058 1 Madirish Webmail 1 Madirish Webmail 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6720 2 Igno Saitz, Redhat 2 Libmikmod, Enterprise Linux 2026-04-23 N/A
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.
CVE-2006-5863 1 Otterware 1 Letterit2 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
CVE-2008-4232 1 Apple 3 Iphone Os, Ipod Touch, Safari 2026-04-23 N/A
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
CVE-2006-5903 1 Rahul Jonna 1 Gspace 2026-04-23 N/A
Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GSPACE "2174|1|1|1|gs:/ d$" message, which injects a new file into the filesystem; and (2) a GSPACE "|-135|1|1|0|gs:/ d$" message, which creates a folder.
CVE-2007-0408 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.