Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0815 1 Uapplication 1 Uphotogallery 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023.
CVE-2007-3641 1 Freebsd 1 Libarchive 2025-04-09 N/A
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
CVE-2007-3829 2 Interactual Technologies, Roxio 2 Interactual Player, Cineplayer 2025-04-09 N/A
Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3173 1 Theratstudios 1 The Rat Cms 2025-04-09 N/A
Unrestricted file upload vulnerability in admin/add_album.php in The Rat CMS Alpha 2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
CVE-2007-0804 1 Ggcms 1 Ggcms 2025-04-09 N/A
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
CVE-2007-4078 1 Alstrasoft 1 Text Ads Enterprise 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php.
CVE-2007-0256 1 Videolan 1 Vlc Media Player 2025-04-09 N/A
VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
CVE-2009-2202 1 Apple 1 Quicktime 2025-04-09 N/A
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
CVE-2006-6800 1 Limbo Cms 1 Event Module 2025-04-09 N/A
PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
CVE-2009-3978 1 Mozilla 1 Firefox 2025-04-09 N/A
The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373.
CVE-2008-1546 1 Mitsubishi Electric 1 Gb 2025-04-09 N/A
servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command.
CVE-2007-0801 1 Mozilla 1 Firefox 2025-04-09 N/A
The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.
CVE-2007-0800 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-09 N/A
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
CVE-2007-1654 1 Netsieben 1 Netsieben Ssh Library 2025-04-09 N/A
Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations.
CVE-2007-4479 1 Aleadsoft.com 1 Search Engine Builder Professional 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in search.html in Search Engine Builder allows remote attackers to inject arbitrary web script or HTML via the searWords parameter.
CVE-2007-0258 2 Fastilo, Opensolution 2 Fastilo, Quick.car 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-0795 1 Wap 1 Wap Portal Server 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.
CVE-2006-5603 1 Snitz Communications 1 Snitz Forums 2000 2025-04-09 9.8 Critical
SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-6330 1 Meridian Software 1 Prolog Manager 2025-04-09 N/A
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.
CVE-2007-1657 1 Python Software Foundation 1 Python 2025-04-09 N/A
Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.