Search Results (26360 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6998 1 Headstart Solutions 1 Deskpro 2026-04-23 N/A
install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function.
CVE-2008-5966 1 Globsy 1 Globsy 2026-04-23 N/A
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.
CVE-2008-5963 1 Gravity-gtd 1 Gravity-gtd 2026-04-23 N/A
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.
CVE-2006-6979 1 Amarok 1 Amarok 2026-04-23 N/A
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.
CVE-2008-5937 1 Zkesoft 1 Ayeview 2026-04-23 N/A
AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.
CVE-2007-6179 1 Kinson Chan Charray 1 Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/.
CVE-2008-5936 1 Mini-pub 1 Mini-pub 2026-04-23 N/A
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.
CVE-2008-5906 1 Ktorrent 1 Ktorrent 2026-04-23 N/A
Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.
CVE-2008-3274 1 Redhat 2 Enterprise Ipa, Freeipa 2026-04-23 N/A
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
CVE-2008-5904 1 Xrdp 1 Xrdp 2026-04-23 N/A
The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.
CVE-2006-6956 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
CVE-2008-5887 1 Tincan 1 Phplist 2026-04-23 N/A
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability."
CVE-2008-3286 1 Sierra 1 Swat 4 2026-04-23 N/A
SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string.
CVE-2008-5872 1 Nortel 1 Multimedia Communication Server 5100 2026-04-23 N/A
Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values.
CVE-2008-5870 1 Faststone 1 Image Viewer 2026-04-23 N/A
FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942.
CVE-2008-3362 2 Giulio Ganci, Wordpress 2 Wp Downloads Manager, Wp Downloads Manager 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.
CVE-2008-5849 1 Checkpoint 1 Vpn-1 2026-04-23 N/A
Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.
CVE-2006-6954 1 Flock 1 Flock 2026-04-23 N/A
Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
CVE-2008-5828 1 Microsoft 1 Windows Live Messenger 2026-04-23 N/A
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
CVE-2007-6190 1 Cisco 1 Unified Ip Phone 2026-04-23 N/A
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.