Search Results (367157 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5991 1 Cactusoft 1 Cactushop 2026-04-23 N/A
Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.
CVE-2007-2634 1 Agner Fog 1 Aforum 2026-04-23 N/A
PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2640 1 Heiko Stamer 1 Libtmcg 2026-04-23 N/A
LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards.
CVE-2007-2641 1 W1l3d4 1 Philboard 2026-04-23 N/A
SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter, a different vector than CVE-2007-0920.
CVE-2007-2642 1 R2k 1 R2k Gallery 2026-04-23 N/A
Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.
CVE-2007-2645 1 Libexif 1 Libexif 2026-04-23 N/A
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
CVE-2006-6027 1 Adobe 1 Acrobat Reader 2026-04-23 N/A
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
CVE-2007-3119 1 Kartli Alisveris Sistemi 1 Kartli Alisveris Sistemi 2026-04-23 N/A
SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
CVE-2006-6031 1 Gcis 1 Aspcart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp.
CVE-2007-3120 1 Aiocp 1 Aiocp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-6037 1 Leinir 1 Travelsized Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter.
CVE-2006-6039 1 Powie 1 Php Matchmaker 2026-04-23 N/A
SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter.
CVE-2007-3773 1 Generic Youtube Clone Script 1 Generic Youtube Clone Script 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators.
CVE-2006-5878 1 Edgewall Software 1 Trac 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.
CVE-2006-5834 1 Opensolution 1 Quick.cms.lite 2026-04-23 N/A
Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter.
CVE-2007-1427 1 Assetman 1 Assetman 2026-04-23 N/A
Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.
CVE-2006-5835 1 Ibm 1 Lotus Notes 2026-04-23 N/A
The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.
CVE-2006-5836 1 Opendarwin 1 Darwin Kernel 2026-04-23 N/A
The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type.
CVE-2007-1428 1 Php Labs 1 Jobsitepro 2026-04-23 N/A
SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter.
CVE-2007-1430 1 Clip-share 1 Clipshare 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter.