Export limit exceeded: 29885 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29885 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3594 | 1 Adventnet | 1 Manageengine Netflow Analyzer | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343. | ||||
| CVE-2007-2885 | 1 Microsoft | 1 Visual Database Tools Database Designer | 2025-04-09 | N/A |
| The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument. | ||||
| CVE-2006-5435 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use | ||||
| CVE-2007-2887 | 1 Forsnet | 1 Web Icerik Yonetim Sistemi | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page. | ||||
| CVE-2008-6564 | 1 Nortel | 2 Communication Server 1000, Unistim Protocol | 2025-04-09 | N/A |
| Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. | ||||
| CVE-2007-2894 | 1 Bochs Project | 1 Bochs | 2025-04-09 | N/A |
| The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error. | ||||
| CVE-2006-5433 | 1 Timm Maass | 1 Alice Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[local_root] parameter. | ||||
| CVE-2006-4578 | 1 The Address Book | 1 The Address Book | 2025-04-09 | N/A |
| export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2007-2920 | 1 Zoomify | 1 Zoomify Viewer Activex Control | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-3228 | 1 Simian Systems Inc | 1 Sitellite Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to the PhpDocumentor directory tree is blocked by .htaccess. | ||||
| CVE-2006-5426 | 1 Local Calendar System | 1 Local Calendar System | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter. | ||||
| CVE-2007-1900 | 1 Php | 1 Php | 2025-04-09 | N/A |
| CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | ||||
| CVE-2007-2921 | 1 Corel | 1 Activecgm Browser | 2025-04-09 | N/A |
| Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-4579 | 1 The Address Book | 1 The Address Book | 2025-04-09 | N/A |
| Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter. | ||||
| CVE-2006-4580 | 1 The Address Book | 1 The Address Book | 2025-04-09 | N/A |
| register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm". | ||||
| CVE-2007-1901 | 1 Sonicbb | 1 Sonicbb | 2025-04-09 | N/A |
| SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message. | ||||
| CVE-2007-2948 | 1 Mplayer | 1 Mplayer | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. | ||||
| CVE-2007-2977 | 1 Domjudge | 1 Domjudge | 2025-04-09 | N/A |
| Buffer overflow in the receive function in submit/submitcommon.c in the submit daemon in DOMjudge before 2.0.0RC1 allows remote attackers to cause a denial of service or have other unspecified impact. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2972 | 1 Avira | 2 Antivir, Av Pack | 2025-04-09 | N/A |
| The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. | ||||
| CVE-2007-2986 | 1 Nexen | 1 Adminbot Mx | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter. | ||||