Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29551 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1005 2 Broadcom, Ca 2 Etrust Intrusion Detection, Etrust Intrusion Detection 2025-04-09 7.8 HIGH N/A
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
CVE-2007-1133 1 Scripter.ch 1 Fcring 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.
CVE-2007-0195 1 F5 1 Firepass 2025-04-09 5.0 MEDIUM N/A
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.
CVE-2007-2600 1 Wavelink Media 1 Tutorialcms 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.
CVE-2007-4446 1 Toribash 1 Toribash 2025-04-09 7.5 HIGH N/A
Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.
CVE-2007-0466 1 Telestream 1 Flip4mac Windows Media Components For Quicktime 2025-04-09 10.0 HIGH N/A
Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.
CVE-2006-7053 1 Arkoon 1 Fast360 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted."
CVE-2006-6839 1 Phpbb Group 1 Phpbb 2025-04-09 10.0 HIGH N/A
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
CVE-2006-6965 1 Andreas Gohr 1 Dokuwiki 2025-04-09 4.3 MEDIUM N/A
CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.
CVE-2007-1764 1 Faststone 1 Image Viewer 2025-04-09 6.0 MEDIUM N/A
Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image.
CVE-2008-6530 1 Ezonescripts 1 Living Local 2025-04-09 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.
CVE-2007-3693 1 Gobi And Helma 1 Gobi 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.
CVE-2006-5381 1 Contenido 1 Contendio 2025-04-09 5.0 MEDIUM N/A
Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory.
CVE-2006-5600 1 Axalto 1 Protiva 2025-04-09 2.1 LOW N/A
Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-INF\classes\authserver.config.
CVE-2006-5285 1 Xeoport 1 Xeoport 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter.
CVE-2006-6364 1 Inside Systems 1 Inside Systems 2025-04-09 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2007-3923 1 Cisco 3 Wide Area Application Engine, Wide Area Application Engine Nm-wae-502, Wide Area Application Services 2025-04-09 7.8 HIGH N/A
The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445.
CVE-2007-3616 1 Vtiger 1 Vtiger Crm 2025-04-09 6.5 MEDIUM N/A
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module.
CVE-2006-5821 1 Citrix 2 Metaframe, Metaframe Presentation Server 2025-04-09 7.5 HIGH N/A
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.
CVE-2007-0787 1 Simple Invoices 1 Simple Invoices 2025-04-09 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information.