Search Results (363118 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5143 2 Broadcom, Ca 5 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite and 2 more 2026-04-23 N/A
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
CVE-2006-6780 1 Hlstats 1 Hlstats 2026-04-23 N/A
SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter.
CVE-2007-0725 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."
CVE-2006-5144 1 Olate 1 Olatedownload 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.
CVE-2006-6783 1 Logahead 1 Logahead Unu 2026-04-23 N/A
logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information.
CVE-2006-5145 1 Olate 1 Olatedownload 2026-04-23 N/A
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
CVE-2006-6784 1 Netbula 1 Anyboard 2026-04-23 N/A
SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form.
CVE-2007-0729 1 Apple 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server 2026-04-23 N/A
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.
CVE-2007-1471 1 Orion-blog 1 Orion-blog 2026-04-23 N/A
admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.
CVE-2006-6785 1 Open Newsletter 1 Open Newsletter 2026-04-23 N/A
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.
CVE-2007-0730 1 Apple 2 Mac Os X, Server Manager 2026-04-23 N/A
Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration.
CVE-2006-6786 1 Open Newsletter 1 Open Newsletter 2026-04-23 N/A
Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.
CVE-2007-0736 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.
CVE-2007-1472 1 T-systems Solutions For Research Gmbh 1 Groupit 2026-04-23 N/A
Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath parameter to (1) content.php, (2) userprofile.php, (3) password.php, (4) dispatch.php, and (5) deliver.php in html/, and possibly (6) load.inc.php and related files.
CVE-2006-5148 1 Forum82 1 Forum82 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.
CVE-2006-6787 1 Mxmania 1 Newsletter Mx 2026-04-23 N/A
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2007-0738 1 Apple 1 Mac Os X 2026-04-23 N/A
The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls.
CVE-2006-6788 1 Luckybot 1 Luckybot 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php.
CVE-2006-6789 1 Phpbbxtra 1 Phpbbxtra 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-0739 1 Apple 1 Mac Os X 2026-04-23 N/A
The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls.