Search Results (29887 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2694 1 Bea 1 Weblogic Server 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-1073 1 Mcrefer 1 Mcrefer 2025-04-09 N/A
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.
CVE-2006-6083 1 Creascripts 1 Creadirectory 2025-04-09 N/A
SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2006-7167 1 Prorat 1 Server 2025-04-09 N/A
Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote attackers to bypass the authentication mechanism for remote login via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4143 1 Php 1 Php 2025-04-09 N/A
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
CVE-2006-5368 1 Oracle 1 E-business Suite 2025-04-09 N/A
Unspecified vulnerability in Oracle Exchange component in Oracle E-Business Suite 6.2.4 has unknown impact and remote attack vectors, aka Vuln# APPS01.
CVE-2006-6423 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2025-04-09 N/A
Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.
CVE-2007-0648 1 Cisco 1 Ios 2025-04-09 N/A
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
CVE-2006-6081 1 Telaen 1 Telaen 2025-04-09 N/A
PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter.
CVE-2006-6077 3 Mozilla, Netscape, Redhat 3 Firefox, Navigator, Enterprise Linux 2025-04-09 N/A
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
CVE-2007-3621 1 Asteridex 1 Asteridex 2025-04-09 N/A
Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters.
CVE-2006-6075 1 Baalasp 1 Smart Form Portal 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5372 1 Oracle 1 E-business Suite 2025-04-09 N/A
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS11 for Oracle Universal Work Queue and (2) APPS12 for Oracle Application Object Library.
CVE-2006-6072 1 Bpg-infotech 2 Easy Publisher, Smart Publisher Pro 2025-04-09 N/A
SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5946 1 Funkyasp 1 Glossary 2025-04-09 N/A
SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter.
CVE-2009-2626 1 Php 1 Php 2025-04-09 N/A
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
CVE-2009-1271 1 Php 1 Php 2025-04-09 N/A
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
CVE-2006-5942 1 Website Designs For Less 1 Inventory Manager 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter.
CVE-2007-3371 1 Powl 1 Powl 2025-04-09 N/A
PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter.
CVE-2007-2765 1 Ac Zoom 1 Blockhosts 2025-04-09 N/A
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301.