Export limit exceeded: 361816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 361816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0135 1 Aratix 1 Aratix 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.
CVE-2007-0149 1 Ememberspro 1 Ememberspro 2026-04-23 N/A
EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.
CVE-2006-6318 1 Stefan Ritt 1 Elog Web Logbook 2026-04-23 N/A
The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
CVE-2006-6311 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript.
CVE-2006-6310 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6309 1 Ibm 1 Tivoli Storage Manager 2026-04-23 N/A
Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855.
CVE-2006-6302 1 Fail2ban 1 Fail2ban 2026-04-23 N/A
fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address.
CVE-2007-1064 2 Cisco, Meetinghouse 4 Secure Services Client, Security Agent, Trust Agent and 1 more 2026-04-23 N/A
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
CVE-2007-1065 2 Cisco, Meetinghouse 4 Secure Services Client, Security Agent, Trust Agent and 1 more 2026-04-23 N/A
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
CVE-2006-6240 1 Telnet Ftp Server 1 Telnet Ftp Server 2026-04-23 N/A
Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. (dot dot) sequence in an FTP command argument, as demonstrated by RETR (GET) or STOR (PUT). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1069 1 Vmware 1 Workstation 2026-04-23 N/A
The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).
CVE-2006-6236 1 Adobe 1 Acrobat Reader 2026-04-23 N/A
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027.
CVE-2007-1073 1 Mcrefer 1 Mcrefer 2026-04-23 N/A
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.
CVE-2007-0225 1 Virtual Programming 1 Vp-asp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2007-1074 1 Dji 1 Newsbin Pro 2026-04-23 N/A
Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file.
CVE-2007-1077 1 Design4online 1 Userpages2 2026-04-23 N/A
SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1081 1 Typo3 1 Typo3 2026-04-23 N/A
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
CVE-2007-0231 1 Six Apart 1 Movable Type 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.
CVE-2007-1091 1 Microsoft 2 Ie, Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
CVE-2007-0232 1 Jshop E-commerce 1 Jshop Server 2026-04-23 N/A
PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.