Search Results (362113 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5856 1 Apple 1 Mac Os X 2026-04-23 N/A
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
CVE-2007-1567 1 War Ftp Daemon 1 War Ftp Daemon 2026-04-23 N/A
Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain.
CVE-2007-1573 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.
CVE-2007-6510 1 Prowizard 1 Prowizard 4 Pc 2026-04-23 N/A
Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and (3) QuadraComposer rippers; and (4) have an unknown impact via a crafted file to the SkytPacker ripper.
CVE-2007-1576 1 Phprojekt 1 Phprojekt 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.
CVE-2007-1580 1 Ftpdmin 1 Ftpdmin 2026-04-23 N/A
FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument.
CVE-2007-1588 1 Myserver 1 Myserver 2026-04-23 N/A
server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges.
CVE-2007-1593 1 Symantec 1 Veritas Volume Replicator 2026-04-23 N/A
The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer.
CVE-2007-1597 1 Unclassified Newsboard 1 Unclassified Newsboard 2026-04-23 N/A
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log.
CVE-2008-0413 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.
CVE-2008-0414 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
CVE-2007-1607 1 W-agora 1 W-agora 2026-04-23 N/A
search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.
CVE-2007-1611 1 Sourcenext 1 Ikanari Jijyou 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed.
CVE-2007-1617 1 Scriptmagix 1 Scriptmagix Recipes 2026-04-23 N/A
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1618 1 Scriptmagix 1 Scriptmagix Faq Builder 2026-04-23 N/A
SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-0367 1 Wesnoth 1 Wesnoth 2026-04-23 N/A
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
CVE-2009-0821 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.
CVE-2006-5729 1 Yazd 1 Yazd Discussion Forum 2026-04-23 N/A
Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.
CVE-2009-0831 1 Php-fusion 2 Members Cv Module, Php-fusion 2026-04-23 N/A
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
CVE-2006-5732 1 Tgs Cms 1 Tgs Cms 2026-04-23 N/A
SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie.