Search Results (362038 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6660 1 Ozerov 1 Bigdump 2026-04-23 N/A
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information.
CVE-2008-6814 2 Jan De Graaff, Mambo 2 Com Simpleboard, Mambo 2026-04-23 N/A
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
CVE-2006-5204 1 Invision Power Services 1 Invision Power Board 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
CVE-2008-6815 1 Myktools 1 Myktools 2026-04-23 N/A
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
CVE-2006-7177 1 Madwifi 1 Madwifi 2026-04-23 N/A
MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system."
CVE-2009-0915 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
CVE-2006-7178 1 Madwifi 1 Madwifi 2026-04-23 N/A
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.
CVE-2006-7180 1 Madwifi 1 Madwifi 2026-04-23 N/A
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.
CVE-2009-1004 1 Oracle 1 Bea Product Suite 2026-04-23 N/A
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.
CVE-2006-7181 1 Morcego Cms 1 Morcego Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker
CVE-2009-1139 1 Microsoft 4 Adam, Windows 2000, Windows Server 2003 and 1 more 2026-04-23 N/A
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
CVE-2009-1259 1 Insanevisions 1 Adaptbb 2026-04-23 N/A
SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php.
CVE-2009-1263 2 Alikonweb, Joomla 2 Com Bookjoomlas, Joomla 2026-04-23 N/A
SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php.
CVE-2009-1286 1 Ibm 1 Lotus Domino 2026-04-23 N/A
The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities.
CVE-2006-6039 1 Powie 1 Php Matchmaker 2026-04-23 N/A
SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter.
CVE-2006-5411 1 Justin White 1 Freewps 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs.
CVE-2006-5415 1 News Defilante Horizontale 1 News Defilante Horizontale 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5450 1 Kinesis 1 Kinesis Interactive Cinema System 2026-04-23 N/A
SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.
CVE-2006-5471 1 Softerra 1 Php Developer Library 2026-04-23 N/A
PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters.
CVE-2006-5482 1 Freebsd 1 Freebsd 2026-04-23 N/A
ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX.