Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1252 1 Symantec 1 Mail Security 2025-04-09 N/A
Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.
CVE-2006-5778 1 Linux-ftpd-ssl 1 Linux-ftpd-ssl 2025-04-09 N/A
ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.
CVE-2007-3542 1 Pluxml 1 Pluxml 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2008-5857 1 Knowledgetree Document Management 1 Knowledgetree Document Management 2025-04-09 N/A
The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of "browse documents" and dashboard requests.
CVE-2006-6371 1 James Barnsley 1 Jab Guest Book 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter.
CVE-2006-6381 1 Ultimate Helpdesk 1 Ultimate Helpdesk 2025-04-09 N/A
Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2006-5873 2 Debian, L2tpns 2 Debian Linux, L2tpns 2025-04-09 N/A
Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.
CVE-2006-6480 1 Scriptphp 1 Annoncescripthp 2025-04-09 N/A
admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows remote attackers to obtain sensitive information via the idmembre parameter, which discloses the passwords for arbitrary users.
CVE-2007-2420 1 Burak Yilmaz 1 Burak Yilmaz Blog 2025-04-09 N/A
SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1556 1 Thecreativeheads.de 1 Creative Files 2025-04-09 N/A
SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter.
CVE-2007-2421 1 Hitachi 1 Groupmax Mobile Option 2025-04-09 N/A
Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-2422 1 Comdev 1 Modules Builder 2025-04-09 9.8 Critical
Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string
CVE-2007-2423 1 Moinmoin 1 Moinmoin 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2426 1 Wildbits 1 Mygallery 2025-04-09 N/A
PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter.
CVE-2007-2427 1 Pnflashgames 1 Pnflashgames 2025-04-09 N/A
SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-2431 1 Tecnick.com 1 Tcexam 2025-04-09 N/A
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.
CVE-2009-1447 1 E-cart 1 Free Shopping Cart 2025-04-09 N/A
Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
CVE-2007-2434 1 Aventail 1 Aventail Connect 2025-04-09 N/A
Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed DNS query.
CVE-2007-6328 1 Dosbox 1 Dosbox 2025-04-09 N/A
DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem
CVE-2007-2437 1 X.org 2 X Window System, Xserver 2025-04-09 N/A
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.