Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6939 1 Gnu 1 Ed 2026-04-23 N/A
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
CVE-2006-6295 1 Mxbb 1 Mx Tinies 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2006-6667 1 Verliadmin 1 Verliadmin 2026-04-23 N/A
Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4184 1 Joomla 1 Joomla 2026-04-23 N/A
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
CVE-2007-4191 1 Panda 1 Panda Antivirus 2026-04-23 N/A
Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.
CVE-2007-3811 1 Esyndicat 1 Esyndicat Directory 2026-04-23 N/A
Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.
CVE-2007-3800 1 Symantec 2 Client Security, Norton Antivirus 2026-04-23 N/A
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.
CVE-2007-4208 1 Morgan Ids 1 Next Gen Portfolio Manager 2026-04-23 N/A
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.
CVE-2007-4236 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.
CVE-2007-4237 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.
CVE-2007-4361 1 Netgear 1 Readynas Raidiator 2026-04-23 N/A
NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.
CVE-2007-4355 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
CVE-2007-4295 1 Cisco 1 Ios 2026-04-23 N/A
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
CVE-2007-4270 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files.
CVE-2006-6330 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
CVE-2007-0813 1 Home Production 1 Mysearchengine 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-4400 1 Konversation 1 Konversation 2026-04-23 N/A
CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2006-5933 1 Ultrasite 1 Ultrasite 2026-04-23 N/A
SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0487 1 Zoneo-soft 1 Freeforum 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used
CVE-2007-4847 1 Google 1 Picasa 2026-04-23 N/A
Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory.