Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1240 1 Mozilla 2 Firefox, Seamonkey 2026-04-23 N/A
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.
CVE-2006-6875 1 Openser 2 Openser, Openser Osp Module 2026-04-23 N/A
Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header.
CVE-2007-2716 1 Eqdkp 1 Eqdkp 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.
CVE-2006-5536 1 D-link 1 Dsl-g624t 2026-04-23 N/A
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
CVE-2006-5533 1 Aroundme 1 Aroundme 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.tpl.php and other unspecified PHP scripts, a different vector than CVE-2006-5401.
CVE-2007-1226 1 Mcafee 1 Virex 2026-04-23 N/A
McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.
CVE-2007-1224 1 Grok Developments 1 Netproxy 2026-04-23 N/A
Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).
CVE-2007-1972 1 Bmc 1 Performance Manager 2026-04-23 N/A
PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured
CVE-2006-6876 1 Openser 1 Openser 2026-04-23 N/A
Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument.
CVE-2007-2720 1 Group-office 1 Group-office Groupware 2026-04-23 N/A
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information.
CVE-2007-2721 2 Jasper Jpeg-2000, Redhat 2 Jasper Jpeg-2000, Enterprise Linux 2026-04-23 N/A
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.
CVE-2006-5531 1 Ascended Development 1 Ascended Guestbook 2026-04-23 N/A
PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter.
CVE-2006-6877 1 Matteo Lucarelli 1 3editor Cms 2026-04-23 N/A
Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.
CVE-2007-0877 1 March Networks 5 3108 Dvr, 3204 Dvr, 4210 Dvr and 2 more 2026-04-23 N/A
Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2724 1 Fotolog 1 Fotolog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-2727 1 Php 1 Php 2026-04-23 N/A
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.
CVE-2006-6879 1 Php-update 1 Php-update 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
CVE-2007-0054 1 Belchior Foundry 1 Vcard Pro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
CVE-2007-2731 1 Jetbox 1 Jetbox Cms 2026-04-23 N/A
CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898.
CVE-2007-2733 1 Jetbox 1 Jetbox Cms 2026-04-23 N/A
Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448.