Search Results (363015 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5932 1 Fatwire 1 Fatwire Content Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components.
CVE-2006-5558 1 Hp 1 Hp-ux 2026-04-23 N/A
Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
CVE-2007-3661 1 Eltima Software 1 Virtual Serial Port 2026-04-23 N/A
Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DLL) allows remote attackers to cause a denial of service via certain function calls, as demonstrated via the (1) Attach, (2) Write, and (3) WriteStr functions.
CVE-2007-6002 1 Fenrir 2 Grani, Sleipnir 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section.
CVE-2007-6150 1 Freebsd 1 Freebsd 2026-04-23 N/A
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
CVE-2006-5323 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.
CVE-2007-3668 1 Numedia Soft Inc 1 Nmsdvdx Dvd Burning Sdk 2026-04-23 N/A
Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVDX allow remote attackers to cause a denial of service via "improperly initialized" (1) LoadSegmentWord, (2) PartitionType, (3) SectorCount, and (4) BootFilePath variables.
CVE-2007-5624 1 Nagios 1 Nagios 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
CVE-2007-6161 1 Tilde 1 Tilde Cms 2026-04-23 N/A
index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path.
CVE-2007-6173 1 Liferay 1 Liferay Enterprise Portal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information.
CVE-2008-2615 1 Oracle 3 Jd Edwards Enterpriseone, Peoplesoft Enterprise, Peoplesoft Peopletools Component 2026-04-23 N/A
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622.
CVE-2007-6178 1 Easy Hosting Control Panel 1 Easy Hosting Control Panel 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/.
CVE-2007-5654 1 Litespeed Technologies 1 Litespeed Web Server 2026-04-23 N/A
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
CVE-2007-6182 1 Growth 1 Ispmanager 2026-04-23 N/A
The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments.
CVE-2007-5720 1 Profilecms 1 Profilecms 2026-04-23 N/A
Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile.
CVE-2007-6183 1 Ruby Gnome2 1 Ruby Gnome2 2026-04-23 N/A
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
CVE-2007-5754 1 Phpfaber 1 Urlinn 2026-04-23 N/A
PHP remote file inclusion vulnerability in urlinn_includes/config.php in phpFaber URLInn 2.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the dir_ws parameter.
CVE-2007-6188 1 Tumusika Evolution 1 Tumusika Evolution 2026-04-23 N/A
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
CVE-2007-5772 1 Flatnuke3 1 Flatnuke3 2026-04-23 N/A
Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue.
CVE-2007-5780 1 Telematic Lab 1 Teatro 2026-04-23 N/A
PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.