Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1581 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected. | ||||
| CVE-2007-0852 | 1 Techexcel Inc. | 1 Devtrack | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6879 | 1 Php-update | 1 Php-update | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. | ||||
| CVE-2006-5268 | 1 Trend Micro | 1 Serverprotect | 2026-04-23 | N/A |
| Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface." | ||||
| CVE-2007-4352 | 2 Redhat, Xpdf | 2 Enterprise Linux, Xpdf | 2026-04-23 | N/A |
| Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. | ||||
| CVE-2007-1574 | 1 Care2x | 1 Care2x | 2026-04-23 | N/A |
| CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0851 | 1 Trend Micro | 23 Client-server-messaging Suite Smb, Client-server Suite Smb, Control Manager and 20 more | 2026-04-23 | N/A |
| Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. | ||||
| CVE-2006-6877 | 1 Matteo Lucarelli | 1 3editor Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. | ||||
| CVE-2006-5266 | 1 Microsoft | 1 Dynamics Gp | 2026-04-23 | N/A |
| Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allow remote attackers to execute arbitrary code via (1) a crafted Distributed Process Manager (DPM) message to the (a) DPM component, or a (2) long string or (3) long IP address in a Distributed Process Server (DPS) message to the DPM or (b) DPS component. | ||||
| CVE-2006-6876 | 1 Openser | 1 Openser | 2026-04-23 | N/A |
| Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument. | ||||
| CVE-2006-5265 | 1 Microsoft | 1 Dynamics Gp | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message. | ||||
| CVE-2007-1567 | 1 War Ftp Daemon | 1 War Ftp Daemon | 2026-04-23 | N/A |
| Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain. | ||||
| CVE-2006-6875 | 1 Openser | 2 Openser, Openser Osp Module | 2026-04-23 | N/A |
| Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header. | ||||
| CVE-2006-5264 | 1 Mysqldumper | 1 Mysqldumper | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter. | ||||
| CVE-2007-1558 | 2 Apop Protocol, Redhat | 2 Apop Protocol, Enterprise Linux | 2026-04-23 | N/A |
| The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products. | ||||
| CVE-2007-0850 | 1 Syscp Team | 1 Syscp | 2026-04-23 | N/A |
| scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table. | ||||
| CVE-2006-6874 | 1 Endonesia | 1 Endonesia | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5263 | 1 Phpmyagenda | 1 Phpmyagenda | 2026-04-23 | N/A |
| Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code. | ||||
| CVE-2007-0849 | 1 Syscp Team | 1 Syscp | 2026-04-23 | N/A |
| scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568. | ||||
| CVE-2006-6873 | 1 Endonesia | 1 Endonesia | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation. | ||||