Export limit exceeded: 357783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29943 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6302 | 1 Fail2ban | 1 Fail2ban | 2026-04-23 | N/A |
| fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address. | ||||
| CVE-2006-6770 | 1 Jinzora | 1 Jinzora | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php. | ||||
| CVE-2006-6771 | 1 Irokez | 1 Irokez Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/. | ||||
| CVE-2007-0488 | 1 Huawei | 1 Versatile Routing Platform | 2026-04-23 | N/A |
| The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command. | ||||
| CVE-2006-6805 | 1 Enthrallweb | 1 Ejobs | 2026-04-23 | N/A |
| SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2007-4105 | 1 Baidu | 1 Soba Search Bar | 2026-04-23 | N/A |
| A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion. | ||||
| CVE-2006-6844 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. | ||||
| CVE-2007-1541 | 1 Sql-ledger | 1 Sql-ledger | 2026-04-23 | N/A |
| Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter. | ||||
| CVE-2007-4107 | 1 Phpmyforum | 1 Phpmyforum | 2026-04-23 | N/A |
| SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6859 | 1 Website Designs For Less | 1 Click N Print Coupons | 2026-04-23 | N/A |
| SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2007-4108 | 1 Codewidgets | 1 Online Event Registration Template | 2026-04-23 | N/A |
| SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | ||||
| CVE-2007-1546 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2026-04-23 | N/A |
| Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. | ||||
| CVE-2007-1555 | 1 Minerva | 1 Minerva | 2026-04-23 | N/A |
| SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter. | ||||
| CVE-2006-5065 | 1 Zoomstats | 1 Zoomstats | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[lib][db][path] parameter. | ||||
| CVE-2006-6870 | 1 Avahi | 1 Avahi | 2026-04-23 | N/A |
| The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. | ||||
| CVE-2007-3955 | 1 Linkedin | 1 Toolbar | 2026-04-23 | N/A |
| Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0411 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack. | ||||
| CVE-2007-0360 | 1 Oreon Project | 1 Oreon | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2006-6910 | 1 Fersch | 1 Formbankserver | 2026-04-23 | N/A |
| formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. | ||||
| CVE-2007-0279 | 1 Oracle | 2 E-business Suite, Http Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07. | ||||