Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0929 1 Guillaume Fontaine 1 Php Rrd Browser 2026-04-23 N/A
Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.
CVE-2006-5259 1 Compteur 1 Compteur 2026-04-23 N/A
PHP remote file inclusion vulnerability in param_editor.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the folder parameter.
CVE-2007-1255 1 Connectix 1 Connectix Boards 2026-04-23 N/A
Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.
CVE-2007-0193 1 Fon 1 La Fonera 2026-04-23 N/A
FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.
CVE-2007-0195 1 F5 1 Firepass 2026-04-23 N/A
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.
CVE-2007-0953 1 Atmail 1 Atmail Webmail 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
CVE-2007-0199 1 Cisco 1 Ios 2026-04-23 N/A
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."
CVE-2006-5362 1 Oracle 1 Application Server 2026-04-23 N/A
Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 10.1.3.0.0 has unknown impact and remote attack vectors, aka Vuln# OC4J04.
CVE-2006-5374 1 Oracle 1 Pharmaceutical 2026-04-23 N/A
Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01.
CVE-2006-5376 1 Oracle 1 Peoplesoft Enterprise 2026-04-23 N/A
Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.22 GA, 8.46 GA, 8.47 GA, 8.48 GA, 8.22.11, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) PSE04, (2) PSE06, (3) PSE07, and (4) PSE08.
CVE-2006-5586 1 Microsoft 2 Windows 2000, Windows Xp 2026-04-23 N/A
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
CVE-2007-0298 1 Dexxaboy 1 Lunarpoll 2026-04-23 N/A
PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.
CVE-2007-0299 1 Apple 1 Mac Os X 2026-04-23 N/A
Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.
CVE-2007-0300 1 Tlm Cms 1 Tlm Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2006-5753 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop 2026-04-23 N/A
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
CVE-2007-0302 1 Instantasp 1 Instantasp 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.
CVE-2006-5826 1 Texas Imperial Software 1 Wftpd 2026-04-23 N/A
Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.
CVE-2007-0345 1 Apple 1 Mac Os X 2026-04-23 N/A
The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.
CVE-2006-5850 1 Essen 1 Essentia Web Server 2026-04-23 N/A
Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.
CVE-2006-5852 1 Openbase International Ltd 1 Openbase 2026-04-23 N/A
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.