Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4451 1 Toribash 1 Toribash 2026-04-23 N/A
The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters.
CVE-2006-6300 1 Cutephp 1 Cutenews 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter.
CVE-2007-4427 1 Intersystems 1 Cache Database 2026-04-23 N/A
Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116.
CVE-2007-4421 1 Olate 1 Olatedownload 2026-04-23 N/A
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
CVE-2006-7032 1 Tufat 1 Flashbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
CVE-2006-5743 1 Mobilesecure 2 Highwall Endpoint, Highwall Enterprise 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via (1) an Access Point with a crafted SSID, (2) the name of the sensor WIDS, (3) the name of the Highwall EndPoint workstation, or other unspecified vectors.
CVE-2007-0389 1 Arsdigita 2 Arsdigita Community Education Solution, Arsdigita Community System 2026-04-23 N/A
Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.
CVE-2007-1268 1 Mutt 1 Mutt 2026-04-23 N/A
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVE-2007-2241 1 Isc 1 Bind 2026-04-23 N/A
Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
CVE-2007-1827 1 Web-app.org 1 Webapp 2026-04-23 N/A
Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to corrupt data files, gain access to private files, and execute arbitrary code via "certain characters."
CVE-2007-1096 1 Virtuemart 1 Virtuemart 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.
CVE-2007-1568 1 Daansystems 1 Newsreactor 2026-04-23 N/A
Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.
CVE-2006-7077 1 Phpbb Group 1 Phpbb Advanced Guestbook 2026-04-23 N/A
SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter.
CVE-2006-6294 1 Frisk Software 1 F-prot Antivirus 2026-04-23 N/A
Multiple unspecified vulnerabilities in FRISK Software F-Prot Antivirus before 4.6.7 have unspecified impact and attack vectors. NOTE: this might be related to CVE-2006-6293, but it is not clear due to the vagueness of the report.
CVE-2006-5243 1 Opendock 1 Easy Doc 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts.
CVE-2007-1102 1 Photostand 1 Photostand 2026-04-23 N/A
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.
CVE-2006-6375 1 Simple Machines 1 Smf 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
CVE-2007-1337 1 Vmware 1 Workstation 2026-04-23 N/A
The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.
CVE-2006-5459 1 Alex 1 Downloadengine 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291. NOTE: CVE analysis as of 20061021 is inconclusive, but suggests that some or all of the suggested attack vectors are ineffective.
CVE-2007-0860 1 Laboratory For Optical And Computational Instrumentation 1 Local Calendar System 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php, (h) resetpassword.php, (i) signup.php, showmonth.php, (j) showday.php, showevents.php, and lookup_userid.php. NOTE: this issue has been disputed by a third party, who states that the associated variables are set in config.php before use