Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0132 1 Igeneric 1 Ig Shop 2026-04-23 N/A
SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-5384 1 Cds Software Consortium 1 Cds Agenda 2026-04-23 N/A
PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter.
CVE-2007-2425 1 Blackdot 1 Imageview 2026-04-23 N/A
Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter.
CVE-2007-0696 1 Free Lan Intra Internet Portal 1 Free Lan Intra Internet Portal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.
CVE-2007-0162 1 Unsanity 1 Application Enhancer 2026-04-23 N/A
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
CVE-2006-5387 1 Phpbb Plusxl 1 Plusxl 2026-04-23 N/A
PHP remote file inclusion vulnerability in mods/iai/includes/constants.php in the PlusXL 20_272 and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-0698 1 Mentiss Acgv 1 Acgvannu 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1721 1 Realink 1 C-arbre 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.
CVE-2007-0163 1 Securekit 1 Securekit Steganography 2026-04-23 N/A
SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.
CVE-2007-0707 1 Gom Player 1 Gom Player 2026-04-23 N/A
Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1724 1 Reactos 1 Reactos 2026-04-23 N/A
Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures.
CVE-2006-5389 1 Wyana 1 Php-wyana 2026-04-23 N/A
tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message.
CVE-2007-4060 1 Frank Yaul 1 Corehttp 2026-04-23 N/A
Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request.
CVE-2006-5391 1 Xfire 1 Xfire 2026-04-23 N/A
Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777.
CVE-2006-5392 1 Opendoc 1 Fullcore 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart.php, (5) lib_sys_cart.php, and (6) txt_info_cart.php in sw/lib_cart/; (7) comment.php, (8) find_comment.php, and (9) lib_comment.php in sw/lib_comment/; (10) sw/lib_find/find.php; and other unspecified PHP scripts.
CVE-2007-1726 1 Icebb 1 Icebb 2026-04-23 N/A
Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.
CVE-2006-4397 1 Apple 1 Mac Os X 2026-04-23 N/A
Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets.
CVE-2006-5395 1 Microsoft 1 Class Package Export Tool 2026-04-23 N/A
Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-6465 1 Wikyblog 1 Wikyblog 2026-04-23 N/A
Directory traversal vulnerability in WBmap.php in WikyBlog 1.3.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. NOTE: CVE disputes this vulnerability because l is validated by ctype_alpha before use
CVE-2007-0164 1 Camouflage 1 Camouflage 2026-04-23 N/A
Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.