Export limit exceeded: 18593 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350298 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350298 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6874 | 1 Endonesia | 1 Endonesia | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1129 | 1 Microsoft | 1 Office Powerpoint | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128. | ||||
| CVE-2006-6875 | 1 Openser | 2 Openser, Openser Osp Module | 2026-04-23 | N/A |
| Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header. | ||||
| CVE-2006-6887 | 1 Logahead | 1 Logahead Unu | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6925 | 1 Bitweaver | 1 Bitweaver | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php. | ||||
| CVE-2006-6919 | 1 Sage-mozdev | 1 Sage | 2026-04-23 | N/A |
| Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script. | ||||
| CVE-2006-6958 | 1 Phpbluedragon | 1 Phpbluedragon Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076. | ||||
| CVE-2006-6960 | 1 Webroot Software | 1 Spy Sweeper | 2026-04-23 | N/A |
| The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression. | ||||
| CVE-2009-1130 | 1 Microsoft | 2 Office, Office Powerpoint | 2026-04-23 | N/A |
| Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability." | ||||
| CVE-2006-6974 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/. | ||||
| CVE-2006-6981 | 1 3proxy | 1 3proxy | 2026-04-23 | N/A |
| 3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten. | ||||
| CVE-2006-6985 | 1 Maxthon | 1 Maxthon | 2026-04-23 | N/A |
| Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2006-7000 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages. | ||||
| CVE-2009-1132 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2026-04-23 | N/A |
| Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability." | ||||
| CVE-2006-7045 | 1 Cmpro Team | 1 Clan Manager Pro | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b) cmpro.intern/comment.core.inc.php. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-7028 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error. | ||||
| CVE-2006-7039 | 2 Atrium Software, Microsoft | 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more | 2026-04-23 | N/A |
| The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. | ||||
| CVE-2009-1133 | 1 Microsoft | 6 Windows 2000, Windows Server, Windows Server 2003 and 3 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability." | ||||
| CVE-2006-7056 | 1 Dreamcost | 1 Hostadmin | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791. | ||||
| CVE-2006-7065 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. | ||||