Search Results (366763 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4781 1 Joomla 1 Joomla 2026-04-23 N/A
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
CVE-2007-4780 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.
CVE-2007-4779 1 Joomla 1 Joomla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.
CVE-2007-4512 1 Sophos 1 Anti-virus 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe.
CVE-2007-3912 1 Debian 1 Debian-goodies 2026-04-23 N/A
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
CVE-2006-6070 1 Asp-nuke 1 Asp-nuke 2026-04-23 N/A
SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter.
CVE-2006-6067 1 20 20 Applications 1 20 20 Datashed 2026-04-23 N/A
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
CVE-2006-5786 1 E107 1 E107 2026-04-23 N/A
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
CVE-2006-5757 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
CVE-2006-5667 1 P-book 1 P-book 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.php.
CVE-2006-5666 1 Asmir Alic 1 E Annu 2026-04-23 N/A
SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-5662 1 Evandor 1 Easy Notesmanager 2026-04-23 N/A
SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows remote attackers to execute arbitrary SQL commands via (1) the username parameter in login.php and (2) a search on the "search page."
CVE-2006-4517 1 Novell 1 Imanager 2026-04-23 N/A
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.
CVE-2008-5006 1 University Of Washington 1 Imap Toolkit 2026-04-23 N/A
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.
CVE-2008-2439 1 Trend Micro 2 Officescan, Worry Free Business Security 2026-04-23 N/A
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.
CVE-2007-3955 1 Linkedin 1 Toolbar 2026-04-23 N/A
Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information.
CVE-2007-4553 1 Thomson 1 St 2030 Sip Phone 2026-04-23 N/A
The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.
CVE-2007-4554 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.
CVE-2007-4560 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
CVE-2007-5362 3 Ag-solutions, Joomla, Mambo 3 Mosmedia Lite, Joomla, Mambo 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.