Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2197 1 Brettle Development 1 Neatupload 2025-04-09 N/A
Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.
CVE-2007-2203 1 Big Blue 1 Guestbook 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form.
CVE-2007-2196 2 Joomla, Mambo 2 Jambook, Jambook 2025-04-09 N/A
PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request
CVE-2007-2195 1 Alvaro 1 Alvaros Messenger 2025-04-09 N/A
aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.
CVE-2007-2194 1 Gentoo 1 Xnview 2025-04-09 N/A
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
CVE-2007-3882 1 Popscript.com 1 Expert Advisor 2025-04-09 N/A
SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3047 1 Opera 1 Opera Browser 2025-04-09 N/A
Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.
CVE-2006-5892 1 The Net Guys 1 Aspired2poll 2025-04-09 N/A
SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6477 1 Mandiant 1 First Response 2025-04-09 N/A
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack.
CVE-2006-7110 1 Drupal 1 Imce Module 2025-04-09 N/A
Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.
CVE-2007-1629 1 Active Web Softwares 1 Active Photo Gallery 2025-04-09 N/A
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-2191 7 Bsd, Freepbx, Hp and 4 more 8 Bsd, Freepbx, Hp-ux and 5 more 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
CVE-2007-1631 1 Clbox 1 Clbox 2025-04-09 N/A
PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use
CVE-2007-1635 1 Net Portal Dynamic System 1 Net Portal Dynamic System 2025-04-09 N/A
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.
CVE-2007-2187 1 Extremail 1 Extremail 2025-04-09 N/A
Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926.
CVE-2007-2862 1 Devellion 1 Cubecart 2025-04-09 N/A
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.
CVE-2007-5355 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more 2025-04-09 N/A
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
CVE-2007-1658 1 Microsoft 1 Windows Vista 2025-04-09 N/A
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).
CVE-2007-2186 2 Foxit, Microsoft 9 Pdf Reader, Windows 2000, Windows 2003 Server and 6 more 2025-04-09 N/A
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2007-1662 1 Pcre 1 Pcre 2025-04-09 N/A
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.