Search Results (121102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7180 1 Madwifi 1 Madwifi 2026-04-23 N/A
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.
CVE-2006-7184 1 Photography-on-the-net 1 Exhibit Engine 2 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4983 1 Cowon America 1 Jetaudio 2026-04-23 N/A
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
CVE-2006-7185 1 Cmsmelborp 1 Cmsmelborp 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.
CVE-2006-7188 1 Web-app.net 1 Webapp 2026-04-23 N/A
The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable.
CVE-2007-4984 2 Ktauber, Phpbb 2 Stylesdemo, Phpbb 2026-04-23 N/A
SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter.
CVE-2006-7193 1 Smarty 1 Smarty 2026-04-23 N/A
PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant
CVE-2006-7199 1 Emc 1 Rsa Security Sitekey 2026-04-23 N/A
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."
CVE-2006-7201 1 Emc 1 Rsa Security Sitekey 2026-04-23 N/A
EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.
CVE-2006-7202 1 Mambo 1 Mambo Open Source 2026-04-23 N/A
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
CVE-2006-7207 1 Ageet 1 Agephone 2026-04-23 N/A
Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors.
CVE-2006-7208 1 Adam Van Dongen 2 Com Forum, Phpbb Component 2026-04-23 N/A
PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-7214 1 Firebirdsql 1 Firebird 2026-04-23 N/A
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.
CVE-2006-7216 1 Apache 1 Derby 2026-04-23 N/A
Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
CVE-2006-7217 1 Apache 1 Derby 2026-04-23 N/A
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
CVE-2006-7218 1 Ez 1 Ez Publish 2026-04-23 N/A
eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.
CVE-2006-7220 1 Sap 2 Saplpd, Sapsprint 2026-04-23 N/A
Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3160 1 Php Real Estate Classifieds 1 Php Real Estate Classifieds 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter.
CVE-2008-0524 1 Yamaha 18 Rt107e, Rt52pro, Rt56v and 15 more 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors.
CVE-2007-4946 1 Jasmine Technologies 1 Lettergrade 2026-04-23 N/A
LetterGrade allows remote attackers to obtain sensitive information (installation path or account existence) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.