Search Results (367154 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5413 1 Supermod 1 Supermod 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php.
CVE-2007-3929 1 Opera 1 Opera Browser 2026-04-23 N/A
Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.
CVE-2006-5410 1 Boonex 1 Dolphin 2026-04-23 N/A
PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189.
CVE-2007-3927 1 Ipswitch 2 Imail Server, Ipswitch Collaboration Suite 2026-04-23 N/A
Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."
CVE-2007-5480 1 Innovaage 1 Innovashop 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to msg.jsp, and the (2) contentid parameter to tc/contents/home001.jsp.
CVE-2007-5479 1 Xcomputer 1 Xcomputer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter.
CVE-2007-3911 1 Bakbone 1 Netvault Reporter 2026-04-23 N/A
Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests.
CVE-2007-3921 1 Gforge 1 Gforge 2026-04-23 N/A
gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.
CVE-2007-3910 1 Bandersnatch 1 Bandersnatch 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs.
CVE-2007-3902 1 Microsoft 2 Ie, Internet Explorer 2026-04-23 N/A
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
CVE-2006-5396 1 Sun 1 Solaris 2026-04-23 N/A
The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.
CVE-2007-3897 1 Microsoft 2 Outlook Express, Windows Mail 2026-04-23 N/A
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
CVE-2007-3893 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
CVE-2006-5384 1 Cds Software Consortium 1 Cds Agenda 2026-04-23 N/A
PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter.
CVE-2006-5380 1 Contenido 1 Contendio 2026-04-23 N/A
Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value
CVE-2007-5478 1 Nabh Information Systems 1 Stringbeans Portal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbeans Portal (sbportal) 3.2 allows remote attackers to inject arbitrary web script or HTML via the project_name parameter.
CVE-2007-3891 1 Microsoft 1 Windows Vista 2026-04-23 N/A
Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.
CVE-2006-5378 1 Oracle 1 Enterpriseone 2026-04-23 N/A
Unspecified vulnerability in JD Edwards HTML Server in JD Edwards EnterpriseOne SP23_O2, 8.95.P1, and 8.96.D1 has unknown impact and remote authenticated attack vectors, aka Vuln# JDE01.
CVE-2007-3890 1 Microsoft 2 Excel, Office 2026-04-23 N/A
Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
CVE-2009-4338 2 Jean-david Gadina, Typo3 2 Slideshow, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.