Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6185 1 Wabbit 1 Wabbit Php Gallery 2026-04-23 N/A
Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to index.php.
CVE-2007-0374 2 Joomla, Mambo 2 Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
CVE-2007-1046 1 Dem Trac 1 Dem Trac 2026-04-23 N/A
Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt.
CVE-2007-2740 1 Xajax 1 Xajax 2026-04-23 N/A
Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS.
CVE-2006-6187 1 Clicktech 1 Clickgallery 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp, the currentpage or (5) orderby parameter to (c) gallery.asp, or the currentpage parameter to (d) view_recent.asp.
CVE-2007-1743 1 Apache 1 Http Server 2026-04-23 N/A
suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
CVE-2006-6777 1 Future Internet 1 Future Internet 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action.
CVE-2007-1047 1 Distributed Checksum Clearinghouse 1 Dcc 2026-04-23 N/A
Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps.
CVE-2007-0641 1 Shaffer Solutions Corp 1 Dapcnfsd.dll 2026-04-23 N/A
Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.
CVE-2007-0845 1 Advanced Poll 1 Advanced Poll 2026-04-23 N/A
admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.
CVE-2007-0643 1 Bloodshed Software 1 Dev-c\+\+ 2026-04-23 N/A
Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
CVE-2006-5367 1 Oracle 1 E-business Suite 2026-04-23 N/A
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology Stack, and (3) APPS05 in Oracle Balanced Scorecard, (4) APPS09 in Oracle Scripting, and (5) APPS10 in Oracle Trading Community.
CVE-2006-5735 1 Punbb 1 Punbb 2026-04-23 N/A
Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table.
CVE-2007-0644 1 Apple 1 Safari 2026-04-23 N/A
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.
CVE-2007-1266 1 Gnome 1 Evolution 2026-04-23 N/A
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVE-2006-5091 1 Hp 1 Hp-ux 2026-04-23 N/A
Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors.
CVE-2006-5106 1 Facileforms 1 Facileforms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-1745 2 Clam Anti-virus, Ifenslave 2 Clamav, Ifenslave 2026-04-23 N/A
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
CVE-2007-1024 1 Marcello Vitagliano 1 Meganoides News 2026-04-23 N/A
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.
CVE-2007-2869 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.