Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5050 1 Rob Landley 1 Busybox 2026-04-23 N/A
Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.
CVE-2006-5321 1 Tincan 1 Phplist 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0291 1 Oracle 1 E-business Suite 2026-04-23 N/A
Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.
CVE-2009-0624 1 Cisco 4 Ace 4710, Application Control Engine Module, Catalyst 6500 and 1 more 2026-04-23 N/A
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.
CVE-2007-1390 1 Dynaliens 1 Dynaliens 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3.
CVE-2007-1615 1 Scriptmagix 1 Scriptmagix Jokes 2026-04-23 N/A
SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-6911 1 Digitizing Quote And Ordering System 1 Digitizing Quote And Ordering System 2026-04-23 N/A
SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.
CVE-2007-1619 1 Scriptmagix 1 Scriptmagix Photo Rating 2026-04-23 N/A
SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.
CVE-2006-7069 1 Socketwiz 1 Bookmarks 2026-04-23 N/A
PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter.
CVE-2006-7166 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."
CVE-2009-0755 1 Poppler 1 Poppler 2026-04-23 N/A
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
CVE-2006-5705 1 Wordpress 1 Wordpress 2026-04-23 N/A
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.
CVE-2007-1191 1 Quicksilver 1 Del.icio.us Module 2026-04-23 N/A
The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.
CVE-2007-2477 1 Phpmychat 1 Phpmychat 2026-04-23 N/A
PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value
CVE-2009-1681 1 Apple 1 Safari 2026-04-23 N/A
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
CVE-2006-6929 1 Ga Soft 1 Rapid Classified 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.
CVE-2007-1192 1 Hyperbook 1 Guestbook 2026-04-23 N/A
Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.
CVE-2006-7209 1 Zoneo-soft 1 Phptraffica 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics.
CVE-2006-6243 1 Fipsasp 1 Fipsshop 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.
CVE-2006-6248 1 Gphotos 1 Gphotos 2026-04-23 N/A
index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message.