Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5030 1 Exv2 1 Content Management System 2025-04-09 N/A
SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
CVE-2007-2636 1 Jason Frisvold 1 Phptodo 2025-04-09 N/A
Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained from third party information.
CVE-2006-5945 1 Mginternet 1 Car Site Manager 2025-04-09 N/A
Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp.
CVE-2006-5947 1 Conxint 1 Conxint Ftp Server 2025-04-09 N/A
Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5949 1 Altools 1 Alftp Ftp Server 2025-04-09 N/A
Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5953 1 Lynx Internet Solutions 1 Evolve Merchant 2025-04-09 N/A
SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter.
CVE-2006-5382 1 3com 1 Superstack 3 Switch 4400 2025-04-09 N/A
3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned.
CVE-2007-2637 2 Moinmoin, Ubuntu 2 Moinmoin, Ubuntu Linux 2025-04-09 N/A
MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.
CVE-2006-5955 1 20 20 Applications 1 20 20 Datashed 2025-04-09 N/A
SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-5962 1 Hpecs Shopping Cart 1 Hpecs Shopping Cart 2025-04-09 N/A
Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp.
CVE-2007-2640 1 Heiko Stamer 1 Libtmcg 2025-04-09 N/A
LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards.
CVE-2007-2641 1 W1l3d4 1 Philboard 2025-04-09 N/A
SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter, a different vector than CVE-2007-0920.
CVE-2007-0725 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."
CVE-2007-0732 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port."
CVE-2007-2642 1 R2k 1 R2k Gallery 2025-04-09 N/A
Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.
CVE-2007-0737 1 Apple 1 Mac Os X 2025-04-09 N/A
The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.
CVE-2007-2934 1 Windy Road 1 Vistered Little 2025-04-09 N/A
Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.
CVE-2007-0738 1 Apple 1 Mac Os X 2025-04-09 N/A
The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls.
CVE-2006-5389 1 Wyana 1 Php-wyana 2025-04-09 N/A
tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message.
CVE-2007-0739 1 Apple 1 Mac Os X 2025-04-09 N/A
The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls.