Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5286 1 Novell 1 Bordermanager 2026-04-23 N/A
Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to "VPN issues" for certain "IKE and IPsec settings."
CVE-2007-2861 1 Saxon 1 Saxon 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php.
CVE-2006-5075 1 Sun 1 Solaris 2026-04-23 N/A
The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.
CVE-2007-3189 1 Jffnms 1 Just For Fun Network Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-0395 1 Comvironment 1 Comvironment 2026-04-23 N/A
PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
CVE-2006-5241 1 Opendock 1 Easy Gallery 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts.
CVE-2008-5985 1 Gnome 1 Epiphany 2026-04-23 N/A
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
CVE-2007-0911 1 Php 1 Php 2026-04-23 N/A
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
CVE-2007-0391 1 Bitdefender 1 Bitdefender Client 2026-04-23 N/A
Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.
CVE-2007-2705 1 Bea 2 Weblogic Integration, Weblogic Workshop 2026-04-23 N/A
Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.
CVE-2006-5283 1 Minichat 1 Minichat 2026-04-23 N/A
PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter.
CVE-2007-2711 1 Tinyirc 1 Tinyidentd 2026-04-23 N/A
Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113.
CVE-2006-6031 1 Gcis 1 Aspcart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp.
CVE-2007-2406 1 Apple 3 Mac Os X, Mac Os X Server, Quartz Composer 2026-04-23 N/A
Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file.
CVE-2006-6029 1 Property Pro 1 Property Pro 2026-04-23 N/A
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
CVE-2007-3229 1 Singapore 1 Image Gallery Web Application 2026-04-23 N/A
index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message.
CVE-2006-6025 1 Qualcomm 1 Eudora Worldmail 2026-04-23 7.5 High
QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2006-6024 1 Qualcomm 1 Eudora Worldmail 2026-04-23 9.8 Critical
Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. NOTE: Some of these details are obtained from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2006-5238 1 Blue Smiley Organizer 1 Blue Smiley Organizer 2026-04-23 N/A
Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors.
CVE-2007-3239 1 Wordpress 1 Wordpress 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.