Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5936 1 Sitexpress 1 Sitexpress E-commerce System 2026-04-23 N/A
SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1633 1 Giorgio Ciranni 1 Splatt Forum 2026-04-23 N/A
Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
CVE-2007-1669 2 Amavis, Barracuda Networks 2 Amavis, Barracuda Spam Firewall 2026-04-23 N/A
zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
CVE-2006-5774 1 Hyper Nikki System 1 Hyper Nikki System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2007-1626 1 Php-nuke 1 Iframe Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-1625 1 Realguestbook 1 Realguestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data.
CVE-2006-5736 1 Punbb 1 Punbb 2026-04-23 N/A
SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized.
CVE-2006-5732 1 Tgs Cms 1 Tgs Cms 2026-04-23 N/A
SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie.
CVE-2006-5729 1 Yazd 1 Yazd Discussion Forum 2026-04-23 N/A
Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.
CVE-2006-6609 1 Alientrap 1 Nexuiz 2026-04-23 N/A
Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information.
CVE-2007-1618 1 Scriptmagix 1 Scriptmagix Faq Builder 2026-04-23 N/A
SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-3007 2 Flock, Mozilla 3 Flock, Firefox, Seamonkey 2026-04-23 N/A
Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.
CVE-2007-1617 1 Scriptmagix 1 Scriptmagix Recipes 2026-04-23 N/A
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1611 1 Sourcenext 1 Ikanari Jijyou 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed.
CVE-2007-1607 1 W-agora 1 W-agora 2026-04-23 N/A
search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.
CVE-2007-1597 1 Unclassified Newsboard 1 Unclassified Newsboard 2026-04-23 N/A
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log.
CVE-2007-0559 1 Rp World 1 Rp World 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.
CVE-2007-1588 1 Myserver 1 Myserver 2026-04-23 N/A
server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges.
CVE-2007-1567 1 War Ftp Daemon 1 War Ftp Daemon 2026-04-23 N/A
Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain.
CVE-2007-1565 1 Kde 1 Konqueror 2026-04-23 N/A
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.