Export limit exceeded: 359553 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5880 | 1 Isystems | 1 Munch Pro | 2026-04-23 | N/A |
| SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-1662 | 1 Pcre | 1 Pcre | 2026-04-23 | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. | ||||
| CVE-2006-5883 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html. | ||||
| CVE-2006-5884 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. | ||||
| CVE-2007-0465 | 1 Apple | 2 Installer, Mac Os X | 2026-04-23 | N/A |
| Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. | ||||
| CVE-2006-5896 | 1 Remlab | 1 Web Mech Designer | 2026-04-23 | N/A |
| REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message. | ||||
| CVE-2007-0472 | 1 Smb4k | 1 Smb4k | 2026-04-23 | N/A |
| Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp. | ||||
| CVE-2006-5899 | 1 Acid Stats | 1 Acid Stats | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and, if not deleted, intentionally allows setting repertoire without an inclusion attack | ||||
| CVE-2007-1418 | 1 Mindtouch | 1 Dekiwiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2007-0493 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2026-04-23 | N/A |
| Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context." | ||||
| CVE-2007-1669 | 2 Amavis, Barracuda Networks | 2 Amavis, Barracuda Spam Firewall | 2026-04-23 | N/A |
| zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | ||||
| CVE-2007-0495 | 1 Phpsherpa | 1 Phpsherpa | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | ||||
| CVE-2007-1451 | 1 Guppy | 1 Guppy | 2026-04-23 | N/A |
| GuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php). | ||||
| CVE-2006-5955 | 1 20 20 Applications | 1 20 20 Datashed | 2026-04-23 | N/A |
| SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5956 | 1 Xlinesoft | 1 Phprunner | 2026-04-23 | N/A |
| XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2007-0498 | 1 Sky Gunning | 1 Myspeach | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter. | ||||
| CVE-2007-1866 | 1 Dproxy | 1 Dproxy | 2026-04-23 | N/A |
| Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465. | ||||
| CVE-2007-1882 | 1 Hp | 1 Mercury Quality Center | 2026-04-23 | N/A |
| qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method. | ||||
| CVE-2007-1325 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin. | ||||
| CVE-2007-1326 | 1 Serendipity | 1 Serendipity | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. | ||||