Export limit exceeded: 359893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359893 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5890 | 1 Superfreaker Studios | 1 Usupport | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5891 | 1 Superfreaker Studios | 1 Ustore | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.asp in Superfreaker Studios UStore 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2006-5895 | 1 Encapscms | 1 Encapscms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in core/core.php in EncapsCMS 0.3.6 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | ||||
| CVE-2007-3166 | 1 Qualcomm | 1 Eudora | 2026-04-23 | N/A |
| Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command. | ||||
| CVE-2006-5909 | 1 Paul Tarjan | 1 Stanford Conference And Research Forum | 2026-04-23 | N/A |
| generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts. | ||||
| CVE-2006-6255 | 1 Nukeai | 1 Nukeai | 2026-04-23 | N/A |
| Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request. | ||||
| CVE-2007-3160 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter. | ||||
| CVE-2006-5867 | 2 Fetchmail, Redhat | 2 Fetchmail, Enterprise Linux | 2026-04-23 | N/A |
| fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. | ||||
| CVE-2006-5868 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2026-04-23 | N/A |
| Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. | ||||
| CVE-2006-6253 | 1 Cahier De Textes | 1 Cahier De Textes | 2026-04-23 | N/A |
| Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql. | ||||
| CVE-2007-3155 | 1 Egroupware | 1 Egroupware | 2026-04-23 | N/A |
| Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier. | ||||
| CVE-2006-5869 | 1 Pstotext | 1 Pstotext | 2026-04-23 | N/A |
| pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name. | ||||
| CVE-2007-3153 | 1 Daniel Stenberg | 1 C-ares | 2026-04-23 | N/A |
| The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. | ||||
| CVE-2006-6249 | 1 Chama Cargo | 1 Chama Cargo | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-1820 | 1 Oracle | 3 Database 10g, Database 11g, Database 9i | 2026-04-23 | N/A |
| Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure. | ||||
| CVE-2006-6225 | 1 Geeklog | 1 Geeklog | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory. | ||||
| CVE-2006-6229 | 1 Codewalkers | 1 Ltwcalendar | 2026-04-23 | N/A |
| Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file. | ||||
| CVE-2006-5265 | 1 Microsoft | 1 Dynamics Gp | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message. | ||||
| CVE-2006-6232 | 1 Dreamcost | 1 Dreamaccount | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2006-6233 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-23 | N/A |
| SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue. | ||||