Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6259 1 Alternc 1 Alternc 2026-04-23 N/A
Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain.
CVE-2007-0336 1 Rixstep 1 Undercover 2026-04-23 N/A
Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition.
CVE-2006-6260 1 Redbinaria 1 Siap Cms 2026-04-23 N/A
SQL injection vulnerability in login.asp in Redbinaria Sistema Integrado de Administracion de Portales (SIAP) allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-5739 1 Leicestershire 1 Communityportals 2026-04-23 N/A
PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280.
CVE-2006-6029 1 Property Pro 1 Property Pro 2026-04-23 N/A
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
CVE-2007-0375 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.
CVE-2007-1721 1 Realink 1 C-arbre 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.
CVE-2006-5961 1 Pegasus 1 Mercury Mail Transport System 2026-04-23 N/A
Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable.
CVE-2008-3820 1 Cisco 1 Security Manager 2026-04-23 N/A
Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
CVE-2007-1880 1 Kaspersky Lab 2 Kaspersky Anti-virus, Kaspersky Internet Security 2026-04-23 N/A
Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow.
CVE-2008-3819 1 Cisco 4 Gss 4480 Global Site Selector, Gss 4490 Global Site Selector, Gss 4491 Global Site Selector and 1 more 2026-04-23 N/A
dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.
CVE-2007-1252 1 Symantec 1 Mail Security 2026-04-23 N/A
Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.
CVE-2007-3199 1 American Financing 1 Link Request Contact Form 2026-04-23 N/A
Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.
CVE-2007-1813 1 Inconnueteam 1 Ecal 2026-04-23 N/A
SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.
CVE-2006-6069 1 Malbum 1 Malbum 2026-04-23 N/A
index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter.
CVE-2007-3200 1 Novell 1 Modular Authentication Service 2026-04-23 N/A
NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.
CVE-2008-7106 1 Sophos 1 Puremessage For Microsoft Exchange 2026-04-23 N/A
The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay).
CVE-2006-6085 1 Kile 1 Kile 2026-04-23 N/A
Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information.
CVE-2006-6087 1 My Little Homepage 1 My Little Weblog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2007-3202 1 Bruce Corkhill 1 Web Wiz Rich Text Editor 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document.