Export limit exceeded: 347309 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18849 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4121 | 1 E-commerce Solutions | 3 Auction Script, Multi-vendor E-shop Script, Shopping Cart Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2465 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function. | ||||
| CVE-2009-2053 | 1 Cisco | 1 Unified Communications Manager | 2026-04-23 | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236. | ||||
| CVE-2006-4581 | 1 The Address Book | 1 The Address Book | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts. | ||||
| CVE-2006-7037 | 2 Mathsoft, Microsoft | 9 Mathcad, Windows 2000, Windows 2003 Server and 6 more | 2026-04-23 | N/A |
| Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext. | ||||
| CVE-2007-4451 | 1 Toribash | 1 Toribash | 2026-04-23 | N/A |
| The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters. | ||||
| CVE-2006-5482 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX. | ||||
| CVE-2007-1756 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2026-04-23 | N/A |
| Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability". | ||||
| CVE-2007-3712 | 1 Hiddenchest | 1 Yb Ve Bayi Babvuru Formu | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ve Bayi Basvuru Formu" (Yb ve Bayi Babvuru Formu) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-7038 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2026-04-23 | N/A |
| Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service. | ||||
| CVE-2007-3710 | 1 Php Comet-server | 1 Php Comet-server | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter. | ||||
| CVE-2006-6694 | 1 Scriptsfrenzy.com | 1 E-uploader Pro | 2026-04-23 | N/A |
| Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php. | ||||
| CVE-2007-2599 | 1 Wavelink Media | 1 Tutorialcms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php. | ||||
| CVE-2007-2865 | 1 Phppgadmin | 1 Phppgadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. | ||||
| CVE-2007-1729 | 1 Revolutionproducts | 1 Flexbb | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php. | ||||
| CVE-2006-6195 | 1 Fixit Knowledge Solutions | 1 Idms Pro Image Gallery | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp. | ||||
| CVE-2006-5076 | 1 Back-end | 1 Back-end Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php. | ||||
| CVE-2007-2023 | 1 Secustick | 1 Secustick Usb Flash Drive | 2026-04-23 | N/A |
| USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function. | ||||
| CVE-2009-0276 | 1 Google | 1 Chrome | 2026-04-23 | N/A |
| Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. | ||||
| CVE-2006-7041 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2026-04-23 | N/A |
| The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known. | ||||