Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3718 1 Apple 1 Safari 2026-04-23 N/A
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.
CVE-2006-5099 1 Andreas Gohr 1 Dokuwiki 2026-04-23 N/A
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.
CVE-2006-5961 1 Pegasus 1 Mercury Mail Transport System 2026-04-23 N/A
Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable.
CVE-2006-5976 1 Drumster 1 Blogme 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information.
CVE-2007-0495 1 Phpsherpa 1 Phpsherpa 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
CVE-2006-6941 1 Freewebshop 1 Freewebshop 2026-04-23 N/A
index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.
CVE-2007-1057 1 Nortel 4 Alteon 2424 Application Switch, Net Direct Client, Ssl Vpn Module 1000 and 1 more 2026-04-23 N/A
The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.
CVE-2007-4381 2 Redhat, Sun 4 Rhel Extras, Jdk, Jre and 1 more 2026-04-23 N/A
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
CVE-2006-6044 1 Phpquickgallery 1 Phpquickgallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter.
CVE-2009-4136 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2026-04-23 N/A
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
CVE-2007-4562 1 Hitachi 2 Cosminexus Dabroker, Dabroker 2026-04-23 N/A
Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosminexus DABroker before 02-04-/C and 03-05-/E allows remote attackers to cause a denial of service (connection prevention) by sending "data unexpectedly through a port."
CVE-2007-0644 1 Apple 1 Safari 2026-04-23 N/A
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.
CVE-2006-6049 1 Phil Taylor 1 Shambo2 2026-04-23 N/A
PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-2159 1 Drupal 1 Database Administration Module 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.
CVE-2006-6102 3 Redhat, X.org, Xfree86 Project 3 Enterprise Linux, X.org, Xfree86 X Server 2026-04-23 N/A
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
CVE-2007-1343 1 Webcalendar 1 Webcalendar 2026-04-23 N/A
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
CVE-2007-0514 1 Hitachi 19 Cosminexus Application Server, Cosminexus Application Server Version 5, Cosminexus Developer Light Version 6 and 16 more 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
CVE-2007-1346 1 Sun 1 Sun Fire 2026-04-23 N/A
Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.
CVE-2006-6112 1 Lifetype 1 Lifetype 2026-04-23 N/A
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.
CVE-2007-6198 1 Bea 1 Aqualogic Interaction 2026-04-23 N/A
portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.