Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5678 | 2 J-pierre Dezelus, Phpmyconferences | 2 Les Visiteurs, Phpmyconferences | 2026-04-23 | 9.8 Critical |
| PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_modules_dir parameter. NOTE: CVE disputes this vulnerability, because the inclusion occurs in a function that is not called during a direct request to library.inc.php | ||||
| CVE-2007-2350 | 1 Freepbx | 1 Freepbx | 2026-04-23 | N/A |
| admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. | ||||
| CVE-2007-2392 | 1 Apple | 2 Mac Os X, Quicktime | 2026-04-23 | N/A |
| Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. | ||||
| CVE-2006-5973 | 1 Timo Sirainen | 1 Dovecot | 2026-04-23 | N/A |
| Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file. | ||||
| CVE-2007-2387 | 1 Apple | 1 Xserve Lights-out Management | 2026-04-23 | N/A |
| Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. | ||||
| CVE-2007-4556 | 1 Opensymphony | 1 Xwork | 2026-04-23 | N/A |
| Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character. | ||||
| CVE-2006-6982 | 1 3proxy | 1 3proxy | 2026-04-23 | N/A |
| 3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials. | ||||
| CVE-2007-1029 | 1 Quicksoft | 1 Easymail Objects | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name. | ||||
| CVE-2007-2414 | 2 Microsoft, Myserver | 2 All Windows, Myserver | 2026-04-23 | N/A |
| MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2007-2416 | 1 E-annu | 1 E-annu | 2026-04-23 | N/A |
| SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter. | ||||
| CVE-2007-2425 | 1 Blackdot | 1 Imageview | 2026-04-23 | N/A |
| Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter. | ||||
| CVE-2007-1539 | 1 Pragmamx | 1 Landkarten | 2026-04-23 | N/A |
| Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file. | ||||
| CVE-2007-2419 | 1 Macrovision | 2 Flexnet Connect, Update Service | 2026-04-23 | N/A |
| Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328. | ||||
| CVE-2007-2432 | 1 Nukedit | 1 Nukedit | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5435 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use | ||||
| CVE-2006-5120 | 1 Scott Metoyer | 1 Red Mombin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php. | ||||
| CVE-2006-6941 | 1 Freewebshop | 1 Freewebshop | 2026-04-23 | N/A |
| index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message. | ||||
| CVE-2007-2468 | 1 Hp | 1 Openvms | 2026-04-23 | N/A |
| Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions." | ||||
| CVE-2006-5311 | 1 Buzlas | 1 Buzlas | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-2474 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070. | ||||