Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4358 1 Zoidcom 1 Zoidcom 2026-04-23 N/A
Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643.
CVE-2006-5971 1 Verity 1 Ultraseek 2026-04-23 N/A
Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable.
CVE-2007-4255 1 Php 1 Php 2026-04-23 N/A
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
CVE-2006-7124 1 Joomla 1 Bsq Sitestats 2026-04-23 N/A
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.
CVE-2007-4360 1 Dell 1 Remote Access Card 2026-04-23 N/A
Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability.
CVE-2006-7115 1 Phpkit 1 Phpkit 2026-04-23 N/A
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.
CVE-2007-1265 1 Kde 1 K-mail 2026-04-23 N/A
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVE-2007-4361 1 Netgear 1 Readynas Raidiator 2026-04-23 N/A
NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.
CVE-2007-4362 1 Prozilla 1 Webring 2026-04-23 N/A
SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2006-6424 1 Novell 1 Netmail 2026-04-23 N/A
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
CVE-2006-5011 1 Ibm 1 Aix 2026-04-23 N/A
Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine".
CVE-2008-1148 8 Apple, Cosmicperl, Darwin and 5 more 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more 2026-04-23 N/A
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.
CVE-2006-5062 1 Pblang 1 Pblang 2026-04-23 N/A
PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter.
CVE-2007-1970 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.
CVE-2008-0470 2 Comodo, Microsoft 2 Comodo Antivirus, Activex 2026-04-23 N/A
A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method.
CVE-2007-4365 1 Exv2 1 Content Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.
CVE-2006-5068 1 Brudaswen 1 Brudanews 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter.
CVE-2006-6363 1 Bluesocket 1 Bsc 2100 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter.
CVE-2007-4404 1 Universal Ircd 1 Ircu 2026-04-23 N/A
ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote "names -D" command.
CVE-2007-4406 1 Universal Ircd 1 Ircu 2026-04-23 N/A
ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.