Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2488 | 1 Asterisk | 1 Asterisk | 2026-04-23 | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. | ||||
| CVE-2006-5287 | 1 Xeobook | 1 Xeobook | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header, or the (2) gb_entry_text, (3) gb_location, (4) gb_fullname, or (5) gb_sex parameters. | ||||
| CVE-2006-6378 | 1 Widcomm | 1 Btsavemysql | 2026-04-23 | N/A |
| BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests. | ||||
| CVE-2006-5625 | 1 Nx | 1 N X Wcms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter. | ||||
| CVE-2006-5032 | 1 Phpartenaire | 1 Phpartenaire | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter. | ||||
| CVE-2006-5896 | 1 Remlab | 1 Web Mech Designer | 2026-04-23 | N/A |
| REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message. | ||||
| CVE-2006-5033 | 1 Paul Smith Computer Services | 1 Vcap | 2026-04-23 | N/A |
| Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding. | ||||
| CVE-2007-0505 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. | ||||
| CVE-2006-5034 | 1 Paul Smith Computer Services | 1 Vcap | 2026-04-23 | N/A |
| Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | ||||
| CVE-2007-1401 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function. | ||||
| CVE-2006-7197 | 2 Apache, Redhat | 2 Tomcat, Network Satellite | 2026-04-23 | N/A |
| The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory. | ||||
| CVE-2006-6379 | 1 Broadcom | 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Server Protection Suite | 2026-04-23 | N/A |
| Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-0246 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO. | ||||
| CVE-2006-5035 | 1 Paul Smith Computer Services | 1 Vcap | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-1402 | 1 Rediff | 1 Toolbar | 2026-04-23 | N/A |
| The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments. | ||||
| CVE-2007-1243 | 1 Audins Audiens | 1 Audins Audiens | 2026-04-23 | N/A |
| Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0797 | 1 Bluevirus-design | 1 Sma-db | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter. | ||||
| CVE-2006-5036 | 1 Squiz | 2 Mysource Classic, Mysource Matrix | 2026-04-23 | N/A |
| MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability. | ||||
| CVE-2007-0514 | 1 Hitachi | 19 Cosminexus Application Server, Cosminexus Application Server Version 5, Cosminexus Developer Light Version 6 and 16 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. | ||||
| CVE-2007-1403 | 1 Macromedia | 1 Shockwave | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885. | ||||