Search Results (366299 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6478 1 Rosoftengineering 1 Rosoft Media Player 2026-04-23 N/A
Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
CVE-2006-5706 1 Php 1 Php 2026-04-23 N/A
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
CVE-2006-6995 1 V3 Chat 1 V3chat Instant Messenger 2026-04-23 N/A
mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.
CVE-2007-4326 1 Mapos Scripts 1 Bilder Uploader 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts.
CVE-2007-0153 1 Adam Jarret 1 Ajlogin 2026-04-23 N/A
AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.
CVE-2007-0884 1 Roaring Penguin 1 Mimedefang 2026-04-23 N/A
Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2007-0971 1 Jupiter Cms 1 Jupiter Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER.
CVE-2007-1011 1 Vs-gastebuch 1 Vs-gastebuch 2026-04-23 N/A
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.
CVE-2007-1019 1 Webspell 1 Webspell 2026-04-23 N/A
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
CVE-2008-3289 1 Storcentric 1 Retrospect Backup Client 2026-04-23 7.5 High
EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.
CVE-2008-2244 1 Microsoft 1 Office Word 2026-04-23 N/A
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
CVE-2007-1750 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more 2026-04-23 N/A
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
CVE-2008-3328 1 Edgewall Software 1 Trac 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2007-1824 1 Php 1 Php 2026-04-23 N/A
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
CVE-2008-4955 1 Duncan Webb 1 Freevo 2026-04-23 N/A
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code.
CVE-2008-3919 1 Justsystems 1 Ichitaro 2026-04-23 N/A
Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.
CVE-2008-5227 1 Phpcow 1 Phpcow 2026-04-23 N/A
Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008.
CVE-2008-3357 3 Actian, Hp, Linux 3 Ingres, Hp-ux, Linux Kernel 2026-04-23 N/A
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."
CVE-2008-3392 1 Webwizguide 1 Web Wiz Forum 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.
CVE-2007-4759 1 Hitachi 3 Ucosminexus Application Server Enterprise, Ucosminexus Application Server Standard, Ucosminexus Service Platform 2026-04-23 N/A
Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors.