Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6929 | 1 Ga Soft | 1 Rapid Classified | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp. | ||||
| CVE-2007-2814 | 1 Pegasus | 1 Imagn Activex Control | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions. | ||||
| CVE-2007-1498 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. | ||||
| CVE-2006-6937 | 1 Pensacola Web Designs | 1 Xtremeasp Photogallery | 2026-04-23 | N/A |
| SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter. | ||||
| CVE-2006-6945 | 1 Virtuemart | 1 Virtuemart | 2026-04-23 | N/A |
| SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php. | ||||
| CVE-2006-6947 | 1 Nec | 1 Multiwriter 1700c | 2026-04-23 | N/A |
| The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | ||||
| CVE-2007-0713 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. | ||||
| CVE-2006-6959 | 1 Webroot Software | 1 Spy Sweeper | 2026-04-23 | N/A |
| WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys. | ||||
| CVE-2006-6963 | 1 Docebo | 1 Docebo | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577. | ||||
| CVE-2007-2817 | 1 Ol Bookmarks | 1 Ol Bookmarks | 2026-04-23 | N/A |
| SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-6973 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/. | ||||
| CVE-2007-2818 | 1 Cactusoft | 1 Parodia | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter. | ||||
| CVE-2007-2824 | 1 Alstrasoft | 1 E-friends | 2026-04-23 | N/A |
| SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. | ||||
| CVE-2007-2825 | 1 Atmail | 1 Atmail Webmail | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images. | ||||
| CVE-2006-6983 | 1 Myweb4net | 1 Myweb4net Browser | 2026-04-23 | N/A |
| Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2007-2895 | 1 Lead Technologies | 1 Leadtools Raster Dialog File Object | 2026-04-23 | N/A |
| Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. | ||||
| CVE-2007-0558 | 1 Inter7 | 1 Vhostadmin | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter. | ||||
| CVE-2007-0589 | 1 Forum Livre | 1 Forum Livre | 2026-04-23 | N/A |
| SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp. | ||||
| CVE-2007-3028 | 1 Microsoft | 1 Windows 2000 | 2026-04-23 | N/A |
| The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040. | ||||
| CVE-2007-2921 | 1 Corel | 1 Activecgm Browser | 2026-04-23 | N/A |
| Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors. | ||||