Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2383 1 Prototypejs 1 Prototype Framework 2025-04-09 N/A
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
CVE-2007-3509 1 Symantec 1 Veritas Backup Exec 2025-04-09 N/A
Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.
CVE-2007-3727 1 Valarsoft 1 Webmatic 2025-04-09 N/A
Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area."
CVE-2007-4352 2 Redhat, Xpdf 2 Enterprise Linux, Xpdf 2025-04-09 N/A
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
CVE-2006-6851 1 Mobilelib 1 Mobilelib Gold 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.
CVE-2006-6909 1 Karl Dahlke 1 Edbrowse 2025-04-09 N/A
Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.
CVE-2006-6921 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-09 N/A
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.
CVE-2006-6951 1 Odysseus Blog 1 Odysseus Blog 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2008-0592 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2025-04-09 N/A
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser.
CVE-2006-6974 1 Headstart Solutions 1 Deskpro 2025-04-09 N/A
Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/.
CVE-2007-3094 1 Sun 2 Solaris, Sunos 2025-04-09 N/A
Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
CVE-2007-3128 1 Ibm 1 Websphere Portal 2025-04-09 N/A
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-1594 1 Ibm 1 Aix 2025-04-09 N/A
The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.
CVE-2007-3781 2 Mysql, Redhat 3 Community Server, Enterprise Linux, Rhel Application Stack 2025-04-09 N/A
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
CVE-2007-3259 1 Vincent Hor 1 Calendarix 2025-04-09 N/A
Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages.
CVE-2007-3266 1 Ifnet 1 Webif.cgi 2025-04-09 N/A
Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the outconfig parameter.
CVE-2007-3695 1 Broadcom 1 Erwin Process Modeler 2025-04-09 N/A
Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.
CVE-2006-7075 1 Aqualung 1 Aqualung 2025-04-09 N/A
Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file.
CVE-2006-7080 1 Exv2 1 Content Management System 2025-04-09 N/A
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.
CVE-2006-7099 1 Solarpay 1 Solarpay 2025-04-09 N/A
Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.