Export limit exceeded: 359550 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359550 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7213 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | N/A |
| Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database. | ||||
| CVE-2006-5112 | 1 Intervations | 1 Navicopa Web Server | 2026-04-23 | N/A |
| Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request. | ||||
| CVE-2006-5113 | 1 Yuuki Yoshizawa | 1 Exporia | 2026-04-23 | N/A |
| Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to include and execute local files via a .. (dot dot) in the lan parameter to includes.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5962 | 1 Hpecs Shopping Cart | 1 Hpecs Shopping Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp. | ||||
| CVE-2007-1304 | 1 Savas Place | 1 Savas Guestbook | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters. | ||||
| CVE-2006-5117 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. | ||||
| CVE-2006-7226 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2026-04-23 | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash). | ||||
| CVE-2006-5120 | 1 Scott Metoyer | 1 Red Mombin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php. | ||||
| CVE-2007-1066 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2026-04-23 | N/A |
| Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558. | ||||
| CVE-2006-6150 | 1 Owllib | 1 Owllib | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter. | ||||
| CVE-2007-1071 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503. | ||||
| CVE-2006-6153 | 1 Vspin.net | 1 Classified System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp. | ||||
| CVE-2007-1080 | 1 Turbosoft | 1 Turboftp | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command. | ||||
| CVE-2006-5147 | 1 Vamp Webmail | 1 Vamp Webmail | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter. | ||||
| CVE-2006-5151 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors. | ||||
| CVE-2007-1081 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. | ||||
| CVE-2007-1085 | 1 Google | 1 Desktop | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature. | ||||
| CVE-2007-1086 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 Universal Database and 3 more | 2026-04-23 | N/A |
| Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." | ||||
| CVE-2006-5163 | 1 Ibm | 1 Informix Dynamic Server | 2026-04-23 | N/A |
| IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack. | ||||
| CVE-2006-5171 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Protection Suites | 2026-04-23 | N/A |
| Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172. | ||||