Export limit exceeded: 29886 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29886 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5800 | 1 Xenis | 1 Xenis.creator Cms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6775 | 1 Acftp | 1 Acftp | 2025-04-09 | N/A |
| acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command. | ||||
| CVE-2007-0427 | 1 Microsoft | 1 Html Help Workshop | 2025-04-09 | N/A |
| Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section. | ||||
| CVE-2007-3212 | 1 Beehive Forum | 1 Beehive Forum | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than CVE-2005-4460. | ||||
| CVE-2007-1158 | 1 Postnuke Software Foundation | 1 Pagesetter | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | ||||
| CVE-2007-0425 | 1 Bea | 2 Jrockit, Weblogic Server | 2025-04-09 | N/A |
| Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow. | ||||
| CVE-2007-0717 | 1 Apple | 1 Quicktime | 2025-04-09 | N/A |
| Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. | ||||
| CVE-2007-0420 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests. | ||||
| CVE-2007-0722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image. | ||||
| CVE-2007-5804 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument. | ||||
| CVE-2007-0429 | 1 Divx | 1 Divx Player | 2025-04-09 | N/A |
| DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. | ||||
| CVE-2006-5522 | 1 Johannes Erdfelt | 1 Kawf | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php. | ||||
| CVE-2006-5565 | 1 Maxdev | 1 Md-pro | 2025-04-09 | N/A |
| CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5557 | 1 Hp | 1 Hp-ux | 2025-04-09 | N/A |
| Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain. | ||||
| CVE-2007-2286 | 1 Built2go | 1 Php Link Portal | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter. | ||||
| CVE-2006-5623 | 1 Ee Tool | 1 Ee Tool | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter. | ||||
| CVE-2006-5596 | 1 Aep Networks | 1 Smartgate Ssl Server | 2025-04-09 | N/A |
| Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request. | ||||
| CVE-2006-5604 | 1 Phpcards | 1 Phpcards | 2025-04-09 | N/A |
| Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CardLanguageFile parameter. | ||||
| CVE-2006-5624 | 1 Mpcs | 1 Mpcs | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-3079 | 1 Eqdkp | 1 Eqdkp | 2025-04-09 | N/A |
| listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path. | ||||