Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3633 1 Chilkat Software 1 Chilkat Zip Activex Control 2025-04-09 N/A
Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method.
CVE-2006-7132 1 Cynux Softwares 1 Phpmydesk 2025-04-09 N/A
Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.
CVE-2007-2878 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-09 N/A
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
CVE-2006-6310 1 Microsoft 1 Internet Explorer 2025-04-09 N/A
Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0253 1 Mozilla 1 Firefox 2025-04-09 N/A
Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.
CVE-2007-2882 1 Sun 2 Solaris, Sunos 2025-04-09 N/A
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
CVE-2007-2888 1 Ezb Systems 1 Ultraiso 2025-04-09 N/A
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
CVE-2006-5321 1 Tincan 1 Phplist 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3437 2 Aol, Microsoft 2 Instant Messenger, Windows Xp 2025-04-09 N/A
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
CVE-2007-3000 1 Php Jackknife 1 Php Jackknife 2025-04-09 N/A
Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php.
CVE-2006-7183 1 Photography-on-the-net 1 Exhibit Engine 2 2025-04-09 N/A
PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2008-6997 1 Google 1 Chrome 2025-04-09 N/A
Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action.
CVE-2007-2664 1 Tomasz Rekawek 1 Yet Another Asterisk Panel 2025-04-09 N/A
PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.
CVE-2007-2662 1 Efestech Haber 1 Efestech Haber 2025-04-09 N/A
SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI.
CVE-2007-2950 3 Centennial, Numara, Symantec 3 Discovery, Asset Manager, Discovery 2025-04-09 N/A
Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.
CVE-2006-6857 1 Docebolms 1 Docebolms 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2006-6860 1 Mythcontrol 1 Mythcontrol 2025-04-09 N/A
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
CVE-2007-1295 1 Aj Forum 1 Aj Forum 2025-04-09 N/A
SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
CVE-2007-1300 1 Douran Software Technologies 1 Isputil 2025-04-09 N/A
DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6861 1 Outfront 1 Spooky Login 2025-04-09 N/A
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.