Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5388 1 Webspell 1 Webspell 2026-04-23 N/A
SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783.
CVE-2007-0707 1 Gom Player 1 Gom Player 2026-04-23 N/A
Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1724 1 Reactos 1 Reactos 2026-04-23 N/A
Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures.
CVE-2006-6424 1 Novell 1 Netmail 2026-04-23 N/A
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
CVE-2006-5389 1 Wyana 1 Php-wyana 2026-04-23 N/A
tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message.
CVE-2006-5391 1 Xfire 1 Xfire 2026-04-23 N/A
Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777.
CVE-2007-1188 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking".
CVE-2007-2233 1 Cosign 1 Cosign 2026-04-23 N/A
cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.
CVE-2006-5901 1 Hawking Technology 1 Wr254-ca Wireless Router 2026-04-23 N/A
Hawking Technology wireless router WR254-CA uses a hardcoded IP address among the set of DNS server IP addresses, which could allow remote attackers to cause a denial of service or hijack the router by attacking or spoofing the server at the hardcoded address. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
CVE-2006-5597 1 Minihttp 1 Web Forum File Sharing Sever Powerpack 2026-04-23 N/A
join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters.
CVE-2006-5594 1 University Of British Columbia 1 Ipeer 2026-04-23 N/A
PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP.
CVE-2007-1106 1 Nomoketos Rules 1 Nomoketos Rules 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-1071 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.
CVE-2007-0925 1 Communityserver.org 1 Community Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-7029 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637.
CVE-2007-0920 1 Philboard 1 Philboard 2026-04-23 N/A
SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2007-6333 1 Hp 2 Info Center, Quick Launch Button 2026-04-23 N/A
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.
CVE-2007-1848 1 Drake Team 1 Drake Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
CVE-2007-0717 1 Apple 1 Quicktime 2026-04-23 N/A
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
CVE-2007-2416 1 E-annu 1 E-annu 2026-04-23 N/A
SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter.