Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5967 1 Panda 1 Activescan 2026-04-23 N/A
Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe.
CVE-2006-5977 1 Expinion.net 1 Multicalendars 2026-04-23 N/A
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293.
CVE-2008-4580 1 Gentoo 2 Cman, Fence 2026-04-23 N/A
fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
CVE-2006-6012 1 Mginternet 1 Car Site Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1252 1 Deutsche Telekom 1 Speedport W500 Dsl Router 2026-04-23 N/A
b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source.
CVE-2008-1253 1 D-link 1 Dsl-g604t 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page.
CVE-2007-6025 1 Wpa Supplicant 1 Wpa Supplicant 2026-04-23 N/A
Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.
CVE-2006-6028 1 Anton Vlasov 1 Dosepa 2026-04-23 N/A
Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter.
CVE-2007-6029 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
CVE-2006-6037 1 Leinir 1 Travelsized Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter.
CVE-2007-6035 1 Cacti 1 Cacti 2026-04-23 N/A
SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
CVE-2008-1257 1 Zyxel 4 P-660hw, P-660hw D1, P-660hw D3 and 1 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.
CVE-2006-6040 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
CVE-2007-6036 1 Live555 1 Media Server 2026-04-23 N/A
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
CVE-2008-2308 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.
CVE-2009-3901 1 Ecouriersoftware 1 E-courirer Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
CVE-2009-3904 1 Cubecart 1 Cubecart 2026-04-23 N/A
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.
CVE-2008-2309 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
CVE-2008-4791 1 Drupal 1 Drupal 2026-04-23 N/A
The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.
CVE-2008-4792 1 Drupal 1 Drupal 2026-04-23 N/A
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.