Export limit exceeded: 359472 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359472 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5148 | 1 Forum82 | 1 Forum82 | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts. | ||||
| CVE-2007-0342 | 2 Apple, Omnigroup | 4 Mac Os X, Safari, Webkit and 1 more | 2026-04-23 | 7.5 High |
| WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. | ||||
| CVE-2007-0344 | 1 Colloquy | 1 Colloquy | 2026-04-23 | N/A |
| Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit. | ||||
| CVE-2007-0345 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. | ||||
| CVE-2007-0346 | 1 Sme | 1 Filemailer | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter. | ||||
| CVE-2006-5161 | 1 Ibm | 1 Client Security Password Manager | 2026-04-23 | N/A |
| IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page. | ||||
| CVE-2007-0347 | 1 Cvstrac | 1 Cvstrac | 2026-04-23 | N/A |
| The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries. | ||||
| CVE-2007-1026 | 1 Scriptdungeon | 1 Xlatunes | 2026-04-23 | N/A |
| SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0348 | 3 Interactual Technologies, Intervideo, Roxio | 3 Interactual Player, Windvd, Cineplayer | 2026-04-23 | N/A |
| Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property. | ||||
| CVE-2007-0349 | 1 Nicecoder | 1 Indexu | 2026-04-23 | N/A |
| Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter. | ||||
| CVE-2007-1030 | 1 Niels Provos | 1 Libevent | 2026-04-23 | N/A |
| Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset. | ||||
| CVE-2006-5170 | 3 Debian, Fedoraproject, Redhat | 8 Debian Linux, Fedora Core, Enterprise Linux and 5 more | 2026-04-23 | N/A |
| pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. | ||||
| CVE-2006-5177 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2026-04-23 | N/A |
| The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read. | ||||
| CVE-2007-0351 | 2 Microsoft, Zonelabs | 3 Windows 2003 Server, Windows Xp, Zonealarm | 2026-04-23 | N/A |
| Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user. | ||||
| CVE-2006-5178 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink. | ||||
| CVE-2007-0352 | 1 Microsoft | 1 Html Help Workshop | 2026-04-23 | N/A |
| Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string. | ||||
| CVE-2006-5180 | 1 Baumedia | 1 Newswriter | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/main.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter, a different vector than CVE-2006-5102. | ||||
| CVE-2007-0354 | 1 Mgb | 1 Opensource Guestbook | 2026-04-23 | N/A |
| SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5184 | 1 Pkr Internet | 1 Taskjitsu | 2026-04-23 | N/A |
| SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid. | ||||
| CVE-2007-0356 | 2 Common Controls Replacement Project, Microsoft | 2 Foldertreeview Activex Control, Ie | 2026-04-23 | N/A |
| The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. | ||||