Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2145 1 Minigal 1 Minigal 2026-04-23 N/A
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-6422 1 Agileco 2 Agilebill, Agilevoice 2026-04-23 N/A
Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle certain proxy requests, which allows remote attackers to disable the application by entering invalid license data on a form, possibly involving modules/core/license.inc.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6424 1 Novell 1 Netmail 2026-04-23 N/A
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
CVE-2006-6426 1 Thinkedit 1 Thinkedit 2026-04-23 N/A
PHP remote file inclusion vulnerability in design/thinkedit/render.php in ThinkEdit 1.9.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the template_file parameter.
CVE-2006-6429 1 Xerox 1 Workcentre 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option."
CVE-2006-6438 1 Xerox 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file.
CVE-2006-6441 1 Xerox 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive.
CVE-2007-2134 1 Oracle 1 Enterpriseone 2026-04-23 N/A
Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01.
CVE-2006-6464 1 Midicart Software 1 Midicart Php Shopping Cart 2026-04-23 N/A
viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart.
CVE-2007-1858 2 Apache, Redhat 3 Tomcat, Network Satellite, Rhel Application Server 2026-04-23 N/A
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
CVE-2006-6489 1 Sisco 5 Ax-s4 Iccp, Ax-s4 Mms, Iccp Toolkit and 2 more 2026-04-23 N/A
The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets.
CVE-2006-6505 2 Mozilla, Redhat 3 Seamonkey, Thunderbird, Enterprise Linux 2026-04-23 N/A
Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.
CVE-2007-1853 1 Hitachi 5 Jp1-hicommand Device Manager, Jp1-hicommand Global Link Availability Manager, Jp1-hicommand Replication Monitor and 2 more 2026-04-23 N/A
Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors.
CVE-2007-1907 1 Pathos 1 Content Management System 2026-04-23 N/A
PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-1749 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.
CVE-2006-6669 1 Webcalendar 1 Webcalendar 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.
CVE-2007-1590 1 Grandstream 1 Budgetone 200 2026-04-23 N/A
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain.
CVE-2006-6718 1 Alliedtelesyn 1 At-9000 24 Ethernetswitch 2026-04-23 N/A
The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions.
CVE-2006-6131 1 Kerio 1 Webstar 2026-04-23 N/A
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
CVE-2006-6743 1 Phpprofiles 1 Phpprofiles 2026-04-23 N/A
phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php.