Search Results (362508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5632 1 Ig Shop 1 Ig Shop 2026-04-23 6.1 Medium
Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7065 2 Canon, Microsoft 3 Network Camera Server Vb101, Ie, Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
CVE-2007-1005 2 Broadcom, Ca 2 Etrust Intrusion Detection, Etrust Intrusion Detection 2026-04-23 N/A
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
CVE-2006-5633 1 Mozilla 2 Firefox, Seamonkey 2026-04-23 N/A
Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.
CVE-2006-7067 1 Oracle 1 Database Server 2026-04-23 N/A
Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect.
CVE-2006-5634 1 Phpprofiles 1 Phpprofiles 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php.
CVE-2006-5635 1 Web Wiz Forums 1 Web Wiz Forums 2026-04-23 N/A
SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter.
CVE-2006-7071 1 Invision Power Services 1 Invision Power Board 2026-04-23 N/A
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
CVE-2006-5647 1 Sophos 2 Anti-virus, Endpoint Security 2026-04-23 N/A
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability."
CVE-2006-5650 1 Aol 1 Icq 2026-04-23 N/A
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
CVE-2006-7072 1 Geodesicsolutions 1 Geoclassifieds Enterprise 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php.
CVE-2007-1006 2 Ekiga, Redhat 2 Ekiga, Enterprise Linux 2026-04-23 N/A
Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.
CVE-2006-5658 1 Studio Achtundachtzig 1 Bloomooweb Activex Control 2026-04-23 N/A
BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method.
CVE-2006-5666 1 Asmir Alic 1 E Annu 2026-04-23 N/A
SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-7073 1 Opentools 1 Attachment Mod 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information.
CVE-2007-1007 2 Ekiga, Redhat 3 Ekiga, Enterprise Linux, Enterprise Linux Desktop 2026-04-23 N/A
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
CVE-2006-5671 1 Free Php Scripts 1 Free Image Hosting 2026-04-23 N/A
PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7074 1 Smartsitecms 1 Smartsitecms 2026-04-23 N/A
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.
CVE-2007-1008 1 Apple 1 Itunes 2026-04-23 N/A
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
CVE-2006-5675 1 Pentaho 1 Business Intelligence Suite 2026-04-23 N/A
Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts.