Export limit exceeded: 342614 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1180 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact. | ||||
| CVE-2006-6112 | 1 Lifetype | 1 Lifetype | 2025-04-09 | N/A |
| LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message. | ||||
| CVE-2006-6119 | 1 Mmgallery | 1 Mmgallery | 2025-04-09 | N/A |
| mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages. | ||||
| CVE-2006-6155 | 1 Hscripts | 1 Hiox Star Rating System Script | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3486 | 1 Altavista | 1 Search Engine | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI. | ||||
| CVE-2007-0097 | 1 Conexware | 1 Powerarchiver 2006 | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories. | ||||
| CVE-2006-6140 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execute arbitrary PHP code via a URL in the slnt parameter to (1) index.php and (2) print.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6182 | 1 Gabriele Teotino | 1 Gnotebook | 2025-04-09 | N/A |
| The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file. | ||||
| CVE-2006-6439 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to download the audit log and obtain potentially sensitive information via unspecified vectors. | ||||
| CVE-2007-2558 | 1 Netsliver | 1 Pfa Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use | ||||
| CVE-2007-2560 | 1 Mentiss Acgv | 1 Acgvannu | 2025-04-09 | N/A |
| Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter. | ||||
| CVE-2006-6226 | 1 Neoengine | 1 Neoengine | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp. | ||||
| CVE-2006-6246 | 1 Photo Organizer | 1 Photo Organizer | 2025-04-09 | N/A |
| Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations. | ||||
| CVE-2007-2563 | 1 Versalsoft | 1 Http File Upload Activex Control | 2025-04-09 | N/A |
| Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument. | ||||
| CVE-2006-6931 | 1 Snort | 1 Snort | 2025-04-09 | N/A |
| Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack." | ||||
| CVE-2007-2573 | 1 Phptree | 1 Phptree | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter. | ||||
| CVE-2007-0192 | 1 Mkportal | 1 Mkportal | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack. | ||||
| CVE-2006-6302 | 1 Fail2ban | 1 Fail2ban | 2025-04-09 | N/A |
| fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address. | ||||
| CVE-2006-6719 | 1 Gnu | 1 Wget | 2025-04-09 | N/A |
| The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | ||||
| CVE-2006-6348 | 1 Mowdbb | 1 Mowdbb | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter. | ||||