Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4048 1 Dxmsoft 1 Xm Easy Personal Ftp Server 2026-04-23 N/A
Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (daemon outage) via an APPE command to one socket in conjunction with a DELE command to a second socket.
CVE-2009-3173 1 Theratstudios 1 The Rat Cms 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/add_album.php in The Rat CMS Alpha 2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
CVE-2007-5889 1 Idmos 1 Idmos 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php, (2) menu_add.php, and (3) menu_operation.php in administrator/, different vectors than CVE-2007-5294.
CVE-2006-6889 1 Freestyle 1 Freestyle Wiki 2026-04-23 N/A
FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat.
CVE-2007-3688 1 Dotclear 1 Dotclear 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages.
CVE-2006-6896 1 Plantronic 1 Headset 2026-04-23 N/A
The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations.
CVE-2006-6945 1 Virtuemart 1 Virtuemart 2026-04-23 N/A
SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php.
CVE-2006-5533 1 Aroundme 1 Aroundme 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.tpl.php and other unspecified PHP scripts, a different vector than CVE-2006-5401.
CVE-2008-1057 1 Openbsd 1 Openbsd 2026-04-23 N/A
The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers.
CVE-2007-3691 1 Av Scripts 1 Av Tutorial Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.
CVE-2006-6960 1 Webroot Software 1 Spy Sweeper 2026-04-23 N/A
The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression.
CVE-2006-6972 1 Btitracker 1 Btitracker 2026-04-23 N/A
SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable.
CVE-2007-1584 1 Php 1 Php 2026-04-23 N/A
Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.
CVE-2006-7028 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error.
CVE-2008-1701 2 Apple, Novell 2 Mac Os X, Iprint 2026-04-23 N/A
Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request.
CVE-2008-1735 1 Bitdefender 1 Antivirus 2026-04-23 N/A
BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function.
CVE-2007-1058 1 Online Web Building 1 Online Web Building 2026-04-23 N/A
SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.
CVE-2006-7037 2 Mathsoft, Microsoft 9 Mathcad, Windows 2000, Windows 2003 Server and 6 more 2026-04-23 N/A
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
CVE-2006-7044 1 Cmpro Team 1 Clan Manager Pro 2026-04-23 N/A
PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
CVE-2006-7211 1 Firebirdsql 1 Firebird 2026-04-23 N/A
fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.