Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6588 1 Apache 1 Ofbiz 2025-04-09 N/A
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
CVE-2009-1522 2 Ibm, Microsoft 3 Aix, Tivoli Storage Manager Client, Windows 2025-04-09 N/A
The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors.
CVE-2006-6593 1 Phpbb 1 Amazonia Mod 2025-04-09 N/A
PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-3521 1 Arcadebuilder 1 Game Portal Manager 2025-04-09 N/A
SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie.
CVE-2006-6594 1 Scriptmate 1 User Manager 2025-04-09 N/A
SQL injection vulnerability in utilities/usermessages.asp in ScriptMate User Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the mesid parameter.
CVE-2006-6599 1 Torrentflux 1 Torrentflux 2025-04-09 N/A
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.
CVE-2009-1572 1 Quagga 1 Quagga 2025-04-09 N/A
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
CVE-2006-6604 1 Torrentflux 1 Torrentflux 2025-04-09 N/A
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.
CVE-2009-1659 1 Intelliants 1 Elitius 2025-04-09 N/A
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/.
CVE-2009-1663 1 Easy-scripts 1 Answer And Question Script 2025-04-09 N/A
Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory.
CVE-2009-1683 1 Apple 2 Iphone Os, Ipod Touch 2025-04-09 N/A
The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."
CVE-2009-1727 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
CVE-2006-6607 1 Ibm 1 Tivoli Identity Manager 2025-04-09 N/A
The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.
CVE-2006-6610 1 Alientrap 1 Nexuiz 2025-04-09 N/A
clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection."
CVE-2007-3523 1 Groupeclan.free.fr 1 Xcms 2025-04-09 N/A
Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter.
CVE-2006-6612 1 Phpmycms 1 Phpmycms 2025-04-09 N/A
PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter.
CVE-2007-3528 1 Dar 1 Dar 2025-04-09 N/A
The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.
CVE-2006-6613 1 Phpalbum.net 1 Phpalbum 2025-04-09 N/A
Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
CVE-2009-1906 1 Ibm 1 Db2 2025-04-09 N/A
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.
CVE-2006-6621 6 Avg, Comodo, Filseclab and 3 more 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more 2025-04-09 N/A
Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.