Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4096 1 Tor 1 Tor 2026-04-23 N/A
Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2007-4098 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
CVE-2007-4415 1 Cisco 1 Vpn Client 2026-04-23 N/A
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
CVE-2006-5491 1 Ceary 1 Ultracms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
CVE-2007-4101 1 Global Centre 1 Aplomb Poll 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.
CVE-2006-5492 1 Maarch 1 Maarch 2026-04-23 N/A
Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants."
CVE-2007-4110 1 Codewidgets 1 Threaded Discussion Forum Application 2026-04-23 N/A
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2006-6384 1 John Goodman 1 Abitwhizzy 2026-04-23 N/A
Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of CVE-2006-6084.
CVE-2007-4112 1 Advanced Webhost Billing System 1 Advanced Webhost Billing System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."
CVE-2007-4120 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original researcher also has a history of erroneous claims
CVE-2007-4121 1 E-commerce Solutions 3 Auction Script, Multi-vendor E-shop Script, Shopping Cart Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information.
CVE-2007-2724 1 Fotolog 1 Fotolog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-4122 1 Hitachi 1 Jp1-cm2-hierarchical Viewer 2026-04-23 N/A
Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data."
CVE-2007-0966 1 Cisco 1 Firewall Services Module 2026-04-23 N/A
Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.
CVE-2007-0429 1 Divx 1 Divx Player 2026-04-23 N/A
DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object.
CVE-2007-4124 1 Hitachi 14 Cosminexus Application Server, Cosminexus Collaboration Portal, Cosminexus Developer and 11 more 2026-04-23 N/A
The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.
CVE-2006-7200 1 Emc 1 Rsa Security Sitekey 2026-04-23 N/A
EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.
CVE-2007-3135 1 Atom 1 Photoblog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
CVE-2007-3136 1 Newssync 1 Newssync 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter.
CVE-2007-4141 1 Openrat 1 Openrat Cms 2026-04-23 N/A
OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain sensitive information via a request containing an XSS sequence in the action parameter to index.php, which reveals the path in an error message.