Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1404 1 Prosysinfo 1 Tftp Server Tftpdwin 2026-04-23 N/A
tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.
CVE-2007-3384 1 Apache 1 Tomcat 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
CVE-2006-6270 1 Kervancilar 1 Aspmforum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141.
CVE-2007-1407 1 Open Solution 1 Quick.cart 2026-04-23 N/A
Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit."
CVE-2006-6273 1 Paul Griffin 1 Simple Php Gallery 2026-04-23 N/A
sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid dir parameter, which reveals the path in an error message.
CVE-2008-5344 2 Redhat, Sun 4 Rhel Extras, Jdk, Jre and 1 more 2026-04-23 N/A
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.
CVE-2007-1410 1 Gaziyapboz 1 Game Portal 2026-04-23 N/A
SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter.
CVE-2007-6351 2 Libexif Project, Redhat 2 Libexif, Enterprise Linux 2026-04-23 N/A
libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.
CVE-2007-3406 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-23 N/A
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
CVE-2007-3420 1 Web-app.org 1 Webapp 2026-04-23 N/A
The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.
CVE-2006-6279 1 Alexphpteam 1 Alex Guestbook 2026-04-23 N/A
index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message.
CVE-2007-3423 1 Web-app.org 1 Webapp 2026-04-23 N/A
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
CVE-2009-3008 1 Christophe Thibault 1 K-meleon 2026-04-23 N/A
K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.
CVE-2006-6280 1 O2php.com 1 Oxygen 2026-04-23 N/A
SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572.
CVE-2006-6429 1 Xerox 1 Workcentre 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option."
CVE-2007-0448 1 Php 1 Php 2026-04-23 N/A
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
CVE-2006-6281 1 Dicshunary 1 Dicshunary 2026-04-23 N/A
PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter.
CVE-2007-1487 3 Cyber Inside, Cyberteddy, Sascha Schroeder 3 Weblog, Weblog, Weblog 2026-04-23 N/A
Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action.
CVE-2006-6283 1 Vikingboard 1 Vikingboard 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bulletin board post.
CVE-2007-3429 1 E107 1 E107 2026-04-23 N/A
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.