Export limit exceeded: 365825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6745 2 Redhat, Sun 3 Rhel Extras, J2se, Jre 2026-04-23 N/A
Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
CVE-2006-6742 1 Hp 3 Ftp Print Server, Laserjet 5000, Laserjet 5100 2026-04-23 N/A
Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command.
CVE-2006-6740 1 Phpprofiles 1 Phpprofiles 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1149 1 Lovecms 1 Lovecms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
CVE-2008-5303 2 Perl, Redhat 3 File\, Perl, Enterprise Linux 2026-04-23 N/A
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
CVE-2009-1747 1 26thavenue 1 Bspeak 2026-04-23 N/A
SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action.
CVE-2009-1748 1 Joost Horward 1 Catviz 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter.
CVE-2009-1752 1 Exjune 1 Office Message System 2026-04-23 N/A
exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information.
CVE-2009-1084 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.
CVE-2007-0756 1 Chicken Of The Vnc 1 Chicken Of The Vnc 2026-04-23 N/A
Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference.
CVE-2009-4476 1 Hauri 1 Virobot Desktop 2026-04-23 N/A
Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.15 through 8.11. NOTE: some of these details are obtained from third party information.
CVE-2006-6476 1 Mandiant 1 First Response 2026-04-23 N/A
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of daemon operation).
CVE-2007-0757 1 Miguel Nunes 1 Call Of Duty 2 Dreamstats System 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.
CVE-2006-6477 1 Mandiant 1 First Response 2026-04-23 N/A
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack.
CVE-2007-0759 1 Umberto Caldera 1 Easymoblog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php.
CVE-2006-6484 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-23 N/A
The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer dereference, as addressed by the ME-10023 hotfix, and a different issue than CVE-2006-6423. NOTE: some details were obtained from third party information.
CVE-2006-6486 1 Easypage 1 Easypage 2026-04-23 N/A
SQL injection vulnerability in EasyPage allows remote attackers to execute arbitrary SQL commands via unspecified vectors in sptrees/default.aspx, possibly involving the docId parameter. NOTE: this issue appears to have been disputed by a third party researcher, stating that SQL injection is not possible. However, insufficient details were provided to evaluate the dispute.
CVE-2006-6487 1 Dt Guestbook 1 Dt Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.
CVE-2006-6488 1 Iconics 1 Dialog Wrapper Module Activex Control 2026-04-23 N/A
Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument.
CVE-2007-0760 1 Eqdkp 1 Eqdkp 2026-04-23 N/A
EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.