Export limit exceeded: 359767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0072 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. | ||||
| CVE-2008-6959 | 1 Chilkatsoft | 1 Chilkat Socket | 2026-04-23 | N/A |
| Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method. NOTE: this might be related to CVE-2008-1647. | ||||
| CVE-2009-1615 | 1 Gowondesigns | 1 Leap | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request. | ||||
| CVE-2009-2321 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string. | ||||
| CVE-2006-5804 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | ||||
| CVE-2006-6022 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2006-6160 | 1 Doug Luxem | 1 Liberum Help Desk | 2026-04-23 | N/A |
| SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-6434 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to bypass authentication controls via unknown vectors. | ||||
| CVE-2006-6088 | 1 Blue-collar Productions | 1 I-gallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6704 | 1 Atmail | 1 Atmail Webadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." | ||||
| CVE-2006-6845 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action. | ||||
| CVE-2006-6924 | 1 Bitweaver | 1 Bitweaver | 2026-04-23 | N/A |
| bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380. | ||||
| CVE-2006-7016 | 1 Phpjobboard | 1 Phpjobboard | 2026-04-23 | N/A |
| phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit. | ||||
| CVE-2006-4393 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. | ||||
| CVE-2007-1339 | 1 Monitor-line | 1 Links Management | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter. | ||||
| CVE-2006-6908 | 2 Broadcom, Microsoft | 3 Widcomm Bluetooth, Windows Embedded Compact, Windows Mobile | 2026-04-23 | N/A |
| Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-7040 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2026-04-23 | N/A |
| Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service. | ||||
| CVE-2006-7141 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability | ||||
| CVE-2006-7203 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs"). | ||||
| CVE-2007-0048 | 1 Adobe | 3 Acrobat, Acrobat 3d, Acrobat Reader | 2026-04-23 | N/A |
| Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." | ||||