Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6989 1 Netcaptor 1 Netcaptor 2026-04-23 N/A
Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
CVE-2006-4516 1 Freebsd 1 Freebsd 2026-04-23 N/A
Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call.
CVE-2006-4518 1 Qbik 1 Wingate 2026-04-23 N/A
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
CVE-2006-7082 1 Rigter Portal System 1 Rigter Portal System 2026-04-23 N/A
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php.
CVE-2006-7092 1 Mamboxchange 1 Laithai 2026-04-23 N/A
SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter.
CVE-2006-7103 1 Ezonlinegallery 1 Ezonlinegallery 2026-04-23 N/A
Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php.
CVE-2006-7107 1 Coalescent Systems 1 Freepbx 2026-04-23 N/A
PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
CVE-2006-7226 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2026-04-23 N/A
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
CVE-2007-0019 1 Maxum Development Corporation 1 Rumpus Ftp Server 2026-04-23 N/A
Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.
CVE-2007-0046 2 Adobe, Redhat 2 Acrobat Reader, Rhel Extras 2026-04-23 N/A
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
CVE-2006-5162 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.
CVE-2006-5551 1 Qksoft 1 Qk Smtp 2026-04-23 N/A
Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command.
CVE-2006-5232 1 Isearch 1 Isearch 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in iSearch 2.16 allow remote attackers to execute arbitrary PHP code via a URL in the isearch_path parameter in (1) index.php, (2) viewcache.php, (3) sitemap.php, (4) isearch.inc.php, (5) google_sitemap.php, (6) stats.php, or (7) auto_spider_img.php. NOTE: this issue has been disputed by a third party who shows that $isearch_path is set to a constant value. CVE analysis as of 20061010 is inconclusive, although the original researcher is known to make mistakes
CVE-2007-0925 1 Communityserver.org 1 Community Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-5246 1 Eazy Cart 1 Eazy Cart 2026-04-23 N/A
Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information.
CVE-2007-0929 1 Guillaume Fontaine 1 Php Rrd Browser 2026-04-23 N/A
Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.
CVE-2006-5259 1 Compteur 1 Compteur 2026-04-23 N/A
PHP remote file inclusion vulnerability in param_editor.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the folder parameter.
CVE-2006-5277 1 Cisco 2 Unified Callmanager, Unified Communications Manager 2026-04-23 N/A
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
CVE-2007-0936 1 Microsoft 2 Office, Visio 2026-04-23 N/A
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
CVE-2007-0255 1 Xine 1 Xine 2026-04-23 N/A
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.