Export limit exceeded: 347194 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347194 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6090 | 1 Baalasp | 1 Smart Form Portal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp. | ||||
| CVE-2006-6091 | 1 Grimbb | 1 Grimbb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-6097 | 2 Gnu, Redhat | 2 Tar, Enterprise Linux | 2026-04-23 | N/A |
| GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | ||||
| CVE-2007-2634 | 1 Agner Fog | 1 Aforum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6107 | 2 D-bus, Redhat | 2 D-bus, Enterprise Linux | 2026-04-23 | N/A |
| Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). | ||||
| CVE-2006-5727 | 1 Sazcart | 1 Sazcart | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/controls/cart.php in sazcart 1.5 allows remote attackers to execute arbitrary PHP code via the (1) _saz[settings][shippingfolder] and (2) _saz[settings][taxfolder] parameters. | ||||
| CVE-2007-2391 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page. | ||||
| CVE-2007-2393 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. | ||||
| CVE-2009-3609 | 7 Foolabs, Glyph And Cog, Glyphandcog and 4 more | 7 Xpdf, Pdftops, Xpdfreader and 4 more | 2026-04-23 | N/A |
| Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. | ||||
| CVE-2007-2397 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. | ||||
| CVE-2007-2398 | 2 Apple, Microsoft | 2 Safari, Windows 2003 Server | 2026-04-23 | N/A |
| Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. | ||||
| CVE-2007-2410 | 1 Apple | 3 Mac Os X, Mac Os X Server, Webcore | 2026-04-23 | N/A |
| WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2006-5704 | 1 Hp | 1 Nonstop Server | 2026-04-23 | N/A |
| HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files. | ||||
| CVE-2007-2411 | 1 Sphider | 1 Sphider | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue. | ||||
| CVE-2009-3611 | 2 Fedoraproject, Le-web | 2 Fedora, Backintime | 2026-04-23 | 7.1 High |
| common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots. | ||||
| CVE-2006-5705 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. | ||||
| CVE-2006-5707 | 1 Phpeasydata Pro | 1 Phpeasydata Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2009-3613 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2026-04-23 | N/A |
| The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping. | ||||
| CVE-2006-5712 | 1 Mirapoint | 1 Mirapoint Webmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element. | ||||
| CVE-2006-5715 | 1 Efs Software | 1 Easy Address Book | 2026-04-23 | N/A |
| Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. | ||||