Export limit exceeded: 29907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | ||||
| CVE-2007-2700 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information. | ||||
| CVE-2008-4237 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting. | ||||
| CVE-2006-6187 | 1 Clicktech | 1 Clickgallery | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp, the currentpage or (5) orderby parameter to (c) gallery.asp, or the currentpage parameter to (d) view_recent.asp. | ||||
| CVE-2006-6156 | 1 Hscripts | 1 Hiox Star Rating System Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6766 | 1 Cwm-design | 1 Cwmexplorer | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information. | ||||
| CVE-2006-5090 | 1 Phoenix Evolution | 1 Phoenix Evolution Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-6153 | 1 Vspin.net | 1 Classified System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp. | ||||
| CVE-2006-5088 | 1 Phpheaven | 1 Phpmychat | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter. | ||||
| CVE-2006-6146 | 1 Takeshi Kanno | 1 Haru Free Pdf Library | 2026-04-23 | N/A |
| Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle. | ||||
| CVE-2006-5780 | 1 Xlink Technology | 1 Omni-nfs Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm. | ||||
| CVE-2007-0282 | 1 Oracle | 3 Application Server, Collaboration Suite, Http Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02. | ||||
| CVE-2009-3662 | 1 Filecopa-ftpserver | 1 Ftp Server | 2026-04-23 | N/A |
| FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a large number of crafted NOOP commands. | ||||
| CVE-2006-6138 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter. | ||||
| CVE-2006-4099 | 1 Businessobjects | 1 Crystal Enterprise | 2026-04-23 | N/A |
| Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. | ||||
| CVE-2007-6591 | 1 Kde | 1 Konqueror | 2026-04-23 | N/A |
| KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | ||||
| CVE-2006-5564 | 1 Maxdev | 1 Md-pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-3051 | 1 Revokesoft | 1 Revokebb | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie. | ||||
| CVE-2006-6137 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php. | ||||
| CVE-2009-1483 | 1 Studiolounge | 1 Address Book | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/. | ||||