Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6124 1 Biba Software 1 Seleniumserver Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6200 1 Francisco Burzi 1 Php-nuke 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2006-5914 1 Samedia 1 Landshop 2026-04-23 N/A
SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018.
CVE-2008-1312 1 Packettrap 1 Pt360 Tool Suite 2026-04-23 N/A
Unspecified vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to cause a denial of service (daemon crash) via a long TFTP packet, a different vulnerability than CVE-2008-1311.
CVE-2006-6195 1 Fixit Knowledge Solutions 1 Idms Pro Image Gallery 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp.
CVE-2006-6336 1 Eudora 1 Worldmail Management Server 2026-04-23 N/A
Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters.
CVE-2007-0883 1 Second Rule Llc 1 Ip3 Netaccess 2026-04-23 N/A
Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2007-4325 1 Mapos Scripts 1 Gaestebuch 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
CVE-2006-5868 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2026-04-23 N/A
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
CVE-2007-4330 1 Mapos Scripts 1 Shoutbox 2026-04-23 N/A
PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVE-2007-4405 1 Universal Ircd 1 Ircu 2026-04-23 N/A
ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels).
CVE-2007-3318 1 Avaya 1 One-x 2026-04-23 N/A
Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message.
CVE-2007-0817 1 Adobe 1 Coldfusion 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
CVE-2007-4183 1 Php Arena 1 Pabugs 2026-04-23 N/A
SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
CVE-2007-0812 1 Woltlab 1 Burning Board Lite 2026-04-23 N/A
SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.
CVE-2007-2754 2 Freetype, Redhat 2 Freetype, Enterprise Linux 2026-04-23 N/A
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
CVE-2007-3310 1 Tdizin 1 Tdizin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6330 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
CVE-2009-3626 1 Perl 1 Perl 2026-04-23 N/A
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
CVE-2006-5455 1 Mozilla 1 Bugzilla 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.