Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3328 1 Interact 1 Interact 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php.
CVE-2006-5905 1 Web Directory Pro 1 Web Directory Pro 2025-04-09 N/A
Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php.
CVE-2006-5906 1 Jean-christophe Ramos 1 Pls-bannieres 2025-04-09 N/A
PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use
CVE-2006-5908 1 Lucas Rodriguez San Pedro 1 Yet Another News System 2025-04-09 N/A
Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
CVE-2007-2792 1 Com Yanc 1 Com Yanc 2025-04-09 N/A
SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2007-3624 1 Sap 1 Sap Message Server 2025-04-09 N/A
Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.
CVE-2006-1311 1 Microsoft 5 Learning Essentials, Office, Windows 2000 and 2 more 2025-04-09 N/A
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
CVE-2006-4697 1 Microsoft 5 Ie, Internet Explorer, Windows 2000 and 2 more 2025-04-09 N/A
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
CVE-2007-3397 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information.
CVE-2006-5550 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2025-04-09 N/A
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.
CVE-2006-5075 1 Sun 1 Solaris 2025-04-09 N/A
The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.
CVE-2006-5638 1 Phpmyring 1 Phpmyring 2025-04-09 N/A
Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters.
CVE-2006-5640 1 Techno Dreams 1 Techno Dreams Guest Book 2025-04-09 N/A
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2007-3403 1 Dreamlog 1 Dreamlog 2025-04-09 N/A
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.
CVE-2006-5097 1 Net2ftp 1 Net2ftp 2025-04-09 N/A
PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability.
CVE-2007-1263 3 Gnu, Gnupg, Redhat 3 Gpgme, Gnupg, Enterprise Linux 2025-04-09 N/A
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
CVE-2007-1721 1 Realink 1 C-arbre 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.
CVE-2007-1264 1 Enigmail 1 Enigmail 2025-04-09 N/A
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVE-2007-1265 1 Kde 1 K-mail 2025-04-09 N/A
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVE-2007-1266 1 Gnome 1 Evolution 2025-04-09 N/A
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.