Search Results (121285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0371 1 Alilg 1 Alitalk 2026-04-23 N/A
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information.
CVE-2007-4260 1 Ez Photo Sales 1 Ez Photo Sales 2026-04-23 N/A
EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.
CVE-2006-5359 1 Oracle 2 Application Server, E-business Suite 2026-04-23 N/A
Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle E-Business Suite and Applications 11.5.10CU2, have unknown impact and remote attack vectors, aka Vuln# (1) REP01 and (2) REP02. NOTE: as of 20061027, Oracle has not disputed reports from a reliable researcher that these issues are related to (a) showenv and (b) parsequery for REP01, and (c) cellwrapper and (d) delimiter for REP02.
CVE-2007-4259 1 Ez Photo Sales 1 Ez Photo Sales 2026-04-23 N/A
EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.
CVE-2007-4257 1 Lfs 1 Live For Speed 2026-04-23 N/A
Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than CVE-2007-4140.
CVE-2006-5358 1 Oracle 1 Application Server 2026-04-23 N/A
Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote attack vectors, aka Vuln# FORM01.
CVE-2007-4253 1 Envolution 1 Envolution 2026-04-23 N/A
SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.
CVE-2007-4252 1 Chilkat Software 1 Asp String 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633.
CVE-2006-5348 1 Oracle 3 Collaboration Suite, E-business Suite, Http Server 2026-04-23 N/A
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05.
CVE-2007-4250 1 Advanced Searchbar 1 Advanced Searchbar 2026-04-23 N/A
The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.33 allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.
CVE-2008-0367 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
CVE-2007-4149 1 Visionsoft 1 Audit 2026-04-23 N/A
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.
CVE-2008-0281 1 Id-commerce 1 Id-commerce 2026-04-23 N/A
SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.
CVE-2006-5098 1 Andreas Gohr 1 Dokuwiki 2026-04-23 N/A
lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.
CVE-2008-0291 1 Hangzhou Rui-qiang 1 Richstrong Cms 2026-04-23 N/A
SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-1094 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-23 N/A
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.
CVE-2007-4153 1 Wordpress 1 Wordpress 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
CVE-2006-5103 1 Bbsnew 1 Bbsnew 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter.
CVE-2007-4158 1 Tibco 1 Rendezvous 2026-04-23 N/A
Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830.
CVE-2007-4336 1 Microsoft 1 Directx Media 2026-04-23 N/A
Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.