Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-1174 1 Web-app.org 1 Webapp 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information.
CVE-2007-1440 1 Jgbbs 1 Jgbbs 2026-04-23 N/A
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter.
CVE-2007-1444 1 Netperf 1 Netperf 2026-04-23 N/A
netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug.
CVE-2007-1454 1 Php 1 Php 2026-04-23 N/A
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.
CVE-2007-1457 1 Christian Scheurer 2 Unrarlib, Urarfilelib 2026-04-23 N/A
Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) filename, (2) rarfile, or (3) libpassword argument.
CVE-2007-1471 1 Orion-blog 1 Orion-blog 2026-04-23 N/A
admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.
CVE-2008-0441 1 Ibm 1 Tivoli Business Service Manager 2026-04-23 N/A
IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information.
CVE-2008-0591 2 Mozilla, Redhat 3 Firefox, Thunderbird, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".
CVE-2008-0663 1 Novell 2 Challenge Response Client, Novell Client For Windows 2026-04-23 N/A
Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.
CVE-2008-0708 1 Hp 3 442084-b21, 442085-b21, Proliant 2026-04-23 N/A
HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched if the server does not have up-to-date detection.
CVE-2008-0716 1 Symantec 1 Altiris Notification Server 2026-04-23 N/A
The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack.
CVE-2008-0313 1 Symantec 4 Norton 360, Norton Antivirus, Norton Internet Security and 1 more 2026-04-23 N/A
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
CVE-2008-3792 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2026-04-23 N/A
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.
CVE-2008-0384 1 Openbsd 1 Openbsd 2026-04-23 N/A
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.
CVE-2007-3945 2 Linux, Rsbac 2 Linux Kernel, Rule Set Based Access Control 2026-04-23 N/A
Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.
CVE-2008-0303 1 Canon 12 I-sensys, Imagepress, Imagerunner and 9 more 2026-04-23 N/A
The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.
CVE-2006-6792 1 Mxmania 1 Calendar Mx Basic 2026-04-23 N/A
SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6794 1 Efkan Forum 1 Efkan Forum 2026-04-23 N/A
SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter.
CVE-2006-6795 1 Myphpnuke 1 Myphpnuke My Egallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.
CVE-2006-6796 1 Mtcms 1 Mtcms 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.