Export limit exceeded: 29885 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29885 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5511 | 1 Jaxultrabb | 1 Jaxultrabb | 2025-04-09 | N/A |
| Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter. | ||||
| CVE-2006-5513 | 1 Geonetwork | 1 Opensource | 2025-04-09 | N/A |
| SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors. | ||||
| CVE-2007-4424 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. | ||||
| CVE-2006-5515 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface. | ||||
| CVE-2007-1557 | 1 F-secure | 1 F-secure Anti-virus | 2025-04-09 | N/A |
| Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page. | ||||
| CVE-2007-3067 | 1 Eqdkp | 1 Attunement And Key | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php. | ||||
| CVE-2007-1979 | 1 Xoops | 1 Xoops Popnupblog | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. | ||||
| CVE-2007-1988 | 1 Phpecho Cms | 1 Phpecho Cms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2006-5638 | 1 Phpmyring | 1 Phpmyring | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters. | ||||
| CVE-2006-5640 | 1 Techno Dreams | 1 Techno Dreams Guest Book | 2025-04-09 | N/A |
| SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2006-5650 | 1 Aol | 1 Icq | 2025-04-09 | N/A |
| The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. | ||||
| CVE-2006-5651 | 1 Digioz | 1 Digioz Guestbook | 2025-04-09 | N/A |
| list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message. | ||||
| CVE-2006-5652 | 1 Sun | 1 Iplanet Messaging Server Messenger Express | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE. | ||||
| CVE-2007-1991 | 1 Youngzsoft | 1 Cmailserver | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. | ||||
| CVE-2007-2011 | 1 Deskpro | 1 Deskpro | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2006-5655 | 1 Opendocman | 1 Opendocman | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-5089 | 1 My-bic | 1 My-bic | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. CVE disputes this vulnerability because the file variable is defined before use in a way that prevents arbitrary inclusion | ||||
| CVE-2007-0168 | 1 Broadcom | 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite | 2025-04-09 | N/A |
| The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed. | ||||
| CVE-2006-5657 | 1 Vilistextum | 1 Vilistextum | 2025-04-09 | N/A |
| Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors. | ||||
| CVE-2006-5660 | 1 Cisco | 1 Security Agent Management Center | 2025-04-09 | N/A |
| Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server. | ||||