Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2035 1 Cisco 1 Wireless Control System 2026-04-23 N/A
Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301.
CVE-2009-1447 1 E-cart 1 Free Shopping Cart 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
CVE-2007-2033 1 Cisco 1 Wireless Control System 2026-04-23 N/A
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.
CVE-2009-3004 1 Avant Force 1 Avant Browser 2026-04-23 N/A
Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.
CVE-2009-3005 1 Lunascape 1 Lunascape 2026-04-23 N/A
Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.
CVE-2009-3007 2 Flock, Mozilla 3 Flock, Firefox, Seamonkey 2026-04-23 N/A
Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.
CVE-2009-1615 1 Gowondesigns 1 Leap 2026-04-23 N/A
Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.
CVE-2009-3008 1 Christophe Thibault 1 K-meleon 2026-04-23 N/A
K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.
CVE-2009-1634 1 Novell 1 Groupwise 2026-04-23 N/A
The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.
CVE-2006-6807 1 Softwebs Nepal 1 Ananda Real Estate 2026-04-23 N/A
SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.
CVE-2006-6806 1 Enthrallweb 1 Emates 2026-04-23 N/A
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-6796 1 Mtcms 1 Mtcms 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
CVE-2006-6792 1 Mxmania 1 Calendar Mx Basic 2026-04-23 N/A
SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6791 1 Chatwm 1 Chatwm 2026-04-23 N/A
SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters.
CVE-2006-6786 1 Open Newsletter 1 Open Newsletter 2026-04-23 N/A
Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.
CVE-2007-3046 1 Advanced Software Production Line 1 Vortex Library 2026-04-23 N/A
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information.
CVE-2006-6128 1 Linux 1 Linux Kernel 2026-04-23 N/A
The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is performed.
CVE-2006-6127 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.
CVE-2006-5896 1 Remlab 1 Web Mech Designer 2026-04-23 N/A
REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message.
CVE-2006-5750 2 Jboss, Redhat 2 Jboss Application Server, Rhel Application Stack 2026-04-23 N/A
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.