Total
29909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5828 | 1 Deltascripts | 1 Php Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | ||||
| CVE-2006-5949 | 1 Altools | 1 Alftp Ftp Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-6611 | 1 Barman | 1 Barman | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | ||||
| CVE-2006-6631 | 1 Ibiblio | 1 Osprey | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | ||||
| CVE-2006-6633 | 1 Yapbb | 1 Yapbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter. | ||||
| CVE-2006-6635 | 1 Jumbacms | 1 Jumbacms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter. | ||||
| CVE-2007-1879 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2026-04-23 | N/A |
| The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112. | ||||
| CVE-2006-6079 | 1 Imendio Ab | 1 Loudmouth | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php. | ||||
| CVE-2007-0747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. | ||||
| CVE-2006-6081 | 1 Telaen | 1 Telaen | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter. | ||||
| CVE-2006-6089 | 1 Baalasp | 1 Baalasp Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field. | ||||
| CVE-2007-0768 | 1 Yahoo | 1 Messenger | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0814 | 1 Adrenalin Labs | 1 Adrenalins Asp Chat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat. | ||||
| CVE-2007-0823 | 1 Slackware | 1 Slackware Linux | 2026-04-23 | N/A |
| xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. | ||||
| CVE-2007-1435 | 1 D-link | 1 Tftp Server | 2026-04-23 | N/A |
| Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2686 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task. | ||||
| CVE-2007-2792 | 1 Com Yanc | 1 Com Yanc | 2026-04-23 | N/A |
| SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2804 | 1 Candypress | 1 Candypress Store | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters. | ||||
| CVE-2007-2810 | 1 Gazi Download Portal | 1 Gazi Download Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2817 | 1 Ol Bookmarks | 1 Ol Bookmarks | 2026-04-23 | N/A |
| SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||