Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5414 1 Barry Nauta 1 Brim 2026-04-23 N/A
Barry Nauta BRIM before 1.2.1 allows remote authenticated users to read information from other users via a modified URL.
CVE-2007-5079 1 Redhat 2 Enterprise Linux, Linux 2026-04-23 N/A
Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions.
CVE-2007-3013 1 Activeweb 1 Contentserver 2026-04-23 N/A
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.
CVE-2006-5557 1 Hp 1 Hp-ux 2026-04-23 N/A
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
CVE-2007-3049 1 Buttercup Wfm 1 Buttercup Wfm 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2007-3057 1 Xoops 1 Icontent Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
CVE-2007-3079 1 Eqdkp 1 Eqdkp 2026-04-23 N/A
listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path.
CVE-2007-3078 1 Aigaion 1 Aigaion 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php.
CVE-2006-5412 1 Php Outburst 1 Easynews 2026-04-23 N/A
admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter.
CVE-2006-5408 1 Mobilesecure Inc 2 Highwall Endpoint, Highwall Enterprise 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to inject arbitrary HTML or web script via unspecified vectors.
CVE-2007-3521 1 Arcadebuilder 1 Game Portal Manager 2026-04-23 N/A
SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie.
CVE-2006-5553 1 Cisco 3 Security Agent, Unified Callmanager, Unified Presence Server 2026-04-23 N/A
Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options.
CVE-2007-5193 2 Debian, Twiki 2 Debian Linux, Twiki 2026-04-23 N/A
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied.
CVE-2006-5405 1 Toshiba 1 Bluetooth Wireless Device Driver 2026-04-23 N/A
Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets.
CVE-2007-3554 1 Hp 1 Instant Support 2026-04-23 N/A
Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.
CVE-2007-3596 1 Izzysoft 1 Phpvideopro 2026-04-23 N/A
inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS).
CVE-2007-3612 1 Visual Irc 1 Visual Irc 2026-04-23 N/A
Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command.
CVE-2006-5550 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2026-04-23 N/A
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.
CVE-2007-3660 1 Nonnoi Solutions 1 Asp Barcode 2026-04-23 N/A
The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function.
CVE-2007-3636 1 Squirrelmail 2 Gpg Plugin, Squirrelmail 2026-04-23 N/A
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.