Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1014 1 Vicftps 1 Vicftps 2026-04-23 N/A
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.
CVE-2006-6536 1 Cilem 1 Cilem Haber 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6067 1 20 20 Applications 1 20 20 Datashed 2026-04-23 N/A
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
CVE-2007-2433 1 Ariadne 1 Ariadne Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6420 1 Ryan Demmer 1 Joomla Content Editor 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6538 1 D-link 1 Dwl-2000ap\+ 2026-04-23 N/A
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.
CVE-2007-0925 1 Communityserver.org 1 Community Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2007-1127 1 Watersweb Shops 1 Shop Kit Plus 2026-04-23 N/A
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.
CVE-2007-2191 7 Bsd, Freepbx, Hp and 4 more 8 Bsd, Freepbx, Hp-ux and 5 more 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
CVE-2007-2331 1 Shop-script 1 Shop-script 2026-04-23 N/A
PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang_list parameter.
CVE-2006-6835 1 Neocrome 1 Land Down Under 2026-04-23 N/A
SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php.
CVE-2007-4014 1 Wordpress 3 Blix, Blixed, Blixkrieg 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6720 2 Igno Saitz, Redhat 2 Libmikmod, Enterprise Linux 2026-04-23 N/A
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.
CVE-2007-4021 1 Brain Book Software 1 Software Secure 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters.
CVE-2006-6422 1 Agileco 2 Agilebill, Agilevoice 2026-04-23 N/A
Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle certain proxy requests, which allows remote attackers to disable the application by entering invalid license data on a form, possibly involving modules/core/license.inc.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6539 1 Flippet.org 1 Winamp Web Interface 2026-04-23 N/A
Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, and (4) CControl::Load functions, related to the file parameter in the /dl URI. NOTE: some of these details are obtained from third party information.
CVE-2006-6540 1 Bluetrait 1 Bluetrait 2026-04-23 N/A
SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.
CVE-2006-6541 1 Php 1 Animated Smiley Generator 2026-04-23 N/A
PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley Generator were affected, not the developer-provided software: "Legitimately purchased applications do not allow this exploit.
CVE-2006-6424 1 Novell 1 Netmail 2026-04-23 N/A
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
CVE-2007-4042 2 Microsoft, Netscape 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more 2026-04-23 N/A
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.