Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1442 1 Oracle 1 Database Server 2026-04-23 N/A
Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.
CVE-2006-4510 1 Novell 1 Edirectory 2026-04-23 N/A
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.
CVE-2006-6854 1 De Marchi Daniele 1 Quickcam 2026-04-23 N/A
The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object.
CVE-2007-0349 1 Nicecoder 1 Indexu 2026-04-23 N/A
Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter.
CVE-2007-0868 1 Yahoo 1 Messenger 2026-04-23 N/A
Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1493 1 Nukescripts 1 Nukesentinel 2026-04-23 N/A
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
CVE-2006-5240 1 Docmint 1 Docmint Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.
CVE-2007-1495 1 Symantec 1 Norton Personal Firewall 2026-04-23 N/A
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.
CVE-2006-5628 1 Unisor Cms 1 Unisor Cms 2026-04-23 N/A
SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass fields.
CVE-2007-1096 1 Virtuemart 1 Virtuemart 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.
CVE-2007-1568 1 Daansystems 1 Newsreactor 2026-04-23 N/A
Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.
CVE-2007-1873 1 Mephisto 1 Mephisto 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.
CVE-2006-5243 1 Opendock 1 Easy Doc 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts.
CVE-2007-1102 1 Photostand 1 Photostand 2026-04-23 N/A
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.
CVE-2006-5630 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.
CVE-2006-6077 3 Mozilla, Netscape, Redhat 3 Firefox, Navigator, Enterprise Linux 2026-04-23 N/A
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
CVE-2007-0682 1 Jv2 1 Folder Gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in theme/include_mode/template.php in JV2 Folder Gallery 3.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the galleryfilesdir parameter.
CVE-2007-0751 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.
CVE-2006-5245 1 Eazy Cart 1 Eazy Cart 2026-04-23 N/A
Eazy Cart allows remote attackers to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/.
CVE-2006-5632 1 Ig Shop 1 Ig Shop 2026-04-23 6.1 Medium
Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.