Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5246 1 Eazy Cart 1 Eazy Cart 2025-04-09 N/A
Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information.
CVE-2007-0286 1 Oracle 2 Application Server, Collaboration Suite 2025-04-09 N/A
Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.
CVE-2007-0288 1 Oracle 1 Application Server 2025-04-09 N/A
Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.
CVE-2007-4183 1 Php Arena 1 Pabugs 2025-04-09 N/A
SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
CVE-2007-0298 1 Dexxaboy 1 Lunarpoll 2025-04-09 N/A
PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.
CVE-2007-0296 1 Oracle 2 Enterpriseone, Peoplesoft Enterprise 2025-04-09 N/A
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.
CVE-2006-5292 1 Exhibit Engine 1 Exhibit Engine 2025-04-09 N/A
PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2007-0294 1 Oracle 1 Enterprise Manager 2025-04-09 N/A
Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.
CVE-2007-4156 1 Woliocms 1 Woliocms 2025-04-09 N/A
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php.
CVE-2007-0297 1 Oracle 2 Enterpriseone, Peoplesoft Enterprise 2025-04-09 N/A
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.
CVE-2007-0346 1 Sme 1 Filemailer 2025-04-09 N/A
SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter.
CVE-2006-4252 1 Powerdns 1 Recursor 2025-04-09 N/A
PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.
CVE-2007-0306 1 Digiappz 1 Digiaffiliate 2025-04-09 N/A
SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1505 1 Fujitsu 2 Fence, Systemwalker Desktop Encryption 2025-04-09 N/A
Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types.
CVE-2007-1506 1 Oracle 1 Application Server Portal 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
CVE-2007-1517 1 Paul Knierim 1 Wsn Guest 2025-04-09 N/A
SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1526 1 Sun 1 Java System Web Server 2025-04-09 N/A
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
CVE-2007-4140 1 Lfs 1 Live For Speed S2 2025-04-09 N/A
Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name.
CVE-2007-1524 1 Zomplog 1 Zomplog 2025-04-09 N/A
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
CVE-2007-1532 1 Microsoft 1 Windows Vista 2025-04-09 N/A
The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.