Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4092 1 Ifoto 1 Ifoto 2025-04-09 N/A
Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter.
CVE-2006-7111 1 Futomis Cgi Cafe 1 Kmail Cgi 2025-04-09 N/A
Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors.
CVE-2007-0397 1 Cisco 2 Adaptive Security Appliance Device Manager, Security Monitoring Analysis And Response System 2025-04-09 N/A
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
CVE-2006-7151 2 Gnu, Redhat 2 Libtool-ltdl, Fedora Core 2025-04-09 N/A
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
CVE-2007-1449 1 Phpnuke 1 Php-nuke 2025-04-09 N/A
Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVE-2007-4320 1 Ncaster 1 Ncaster 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
CVE-2007-4340 1 Phpdvd 1 Phpdvd 2025-04-09 N/A
PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the dvd_config_file parameter.
CVE-2007-3702 1 Mail Machine 1 Mail Machine 2025-04-09 N/A
Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.
CVE-2008-0594 1 Mozilla 1 Firefox 2025-04-09 N/A
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
CVE-2006-7174 1 Phpbb 1 Dimension 2025-04-09 N/A
PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same issue as CVE-2006-5235.
CVE-2006-7188 1 Web-app.net 1 Webapp 2025-04-09 N/A
The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable.
CVE-2006-7189 1 Web-app.net 1 Webapp 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer.
CVE-2006-7190 1 Web-app.net 1 Webapp 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc.
CVE-2006-7192 1 Microsoft 1 .net Framework 2025-04-09 N/A
Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
CVE-2006-7193 1 Smarty 1 Smarty 2025-04-09 N/A
PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant
CVE-2006-7210 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-09 N/A
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
CVE-2006-7214 1 Firebirdsql 1 Firebird 2025-04-09 N/A
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.
CVE-2007-3706 1 Codeigniter 1 Codeigniter 2025-04-09 N/A
The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.
CVE-2007-2964 1 F-secure 1 Policy Manager 2025-04-09 N/A
The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.
CVE-2006-5819 1 Verity 1 Ultraseek 2025-04-09 N/A
Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script.