Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7080 1 Exv2 1 Content Management System 2026-04-23 N/A
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.
CVE-2007-0332 1 Xentraz 1 Liens Dynamiques 2026-04-23 N/A
(1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request.
CVE-2008-0915 1 Ipdiva 1 Ipdiva 2026-04-23 N/A
The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 stores the number of remaining allowed login attempts in a cookie, which makes it easier for remote attackers to conduct brute force attacks by manipulating this cookie's value.
CVE-2006-7061 1 Scriptsez.net 1 E-dating System 2026-04-23 N/A
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.
CVE-2006-7184 1 Photography-on-the-net 1 Exhibit Engine 2 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3266 1 Ifnet 1 Webif.cgi 2026-04-23 N/A
Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the outconfig parameter.
CVE-2008-5089 1 Datadynamics 1 Activereports 2026-04-23 N/A
Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport, or (3) Canvas.Save method.
CVE-2006-6896 1 Plantronic 1 Headset 2026-04-23 N/A
The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations.
CVE-2007-0479 1 Cisco 1 Ios Transmission Control Protocol 2026-04-23 N/A
Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.
CVE-2007-0333 1 Agnitum 1 Outpost Firewall 2026-04-23 N/A
Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys.
CVE-2007-2323 1 Intervideo 1 Home Theater 2026-04-23 N/A
Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0334 1 Ingate 1 Firewall And Siparator 2026-04-23 N/A
Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors.
CVE-2007-1725 1 Icebb 1 Icebb 2026-04-23 N/A
SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.
CVE-2007-2821 1 Wordpress 1 Wordpress 2026-04-23 N/A
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
CVE-2007-2330 1 Dynatracker 1 Dynatracker 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
CVE-2007-0987 1 Jupiter Cms 1 Jupiter Cms 2026-04-23 N/A
Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter.
CVE-2007-2467 1 Zonelabs 1 Zonealarm 2026-04-23 N/A
ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access.
CVE-2007-3267 1 Fuzzylime Forum 1 Fuzzylime Forum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235.
CVE-2007-2994 1 Dian Gemilang 1 Dgnews 2026-04-23 N/A
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693.
CVE-2006-3455 1 Symantec 2 Client Security, Norton Antivirus 2026-04-23 N/A
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.