Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5771 1 Arkoon 1 Ssl360 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0170 1 Allmyphp 1 Allmyvisitors 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.
CVE-2007-0531 1 Freewebshop 1 Freewebshop 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
CVE-2006-6636 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.
CVE-2007-0592 1 Indexcor 1 Ezdatabase 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.
CVE-2006-6639 1 Chetcpasswd 1 Chetcpasswd 2026-04-23 N/A
Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line.
CVE-2006-5902 1 Viksoe 1 Gmail Drive 2026-04-23 N/A
viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GMAILFS: [13;a;1] message with a new filename and a file attachment, which injects a new file into the filesystem; (2) a GMAILFS: [13;a;1] message with an existing filename and a file attachment, which overwrites existing file content; and (3) a GMAILFS: [14;a;1] message, which creates a folder.
CVE-2007-4331 1 Ctw Design 1 Findnix 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page parameter.
CVE-2006-6644 1 Mxbb 1 Mxbb Meeting 2026-04-23 N/A
PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2006-6651 1 Intel 1 2200bg Proset Wireless 2026-04-23 N/A
Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. NOTE: some details are obtained solely from third party information.
CVE-2007-0252 1 Easy-content Filemanager 1 Easy-content Filemanager 2026-04-23 N/A
Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.
CVE-2006-5903 1 Rahul Jonna 1 Gspace 2026-04-23 N/A
Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GSPACE "2174|1|1|1|gs:/ d$" message, which injects a new file into the filesystem; and (2) a GSPACE "|-135|1|1|0|gs:/ d$" message, which creates a folder.
CVE-2007-4329 1 Mapos Scripts 1 Web News 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.
CVE-2006-5906 1 Jean-christophe Ramos 1 Pls-bannieres 2026-04-23 N/A
PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use
CVE-2006-5908 1 Lucas Rodriguez San Pedro 1 Yet Another News System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
CVE-2007-4326 1 Mapos Scripts 1 Bilder Uploader 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts.
CVE-2007-0255 1 Xine 1 Xine 2026-04-23 N/A
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
CVE-2007-0532 1 Tuan Do 1 Uploader 2026-04-23 N/A
Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt.
CVE-2007-3317 1 Avaya 1 One-x 2026-04-23 N/A
The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message.
CVE-2007-0533 1 Atozed Software 1 Intraweb Component 2026-04-23 N/A
The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.