Export limit exceeded: 364270 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7174 1 Phpbb 1 Dimension 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same issue as CVE-2006-5235.
CVE-2006-6028 1 Anton Vlasov 1 Dosepa 2026-04-23 N/A
Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter.
CVE-2006-7193 1 Smarty 1 Smarty 2026-04-23 N/A
PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant
CVE-2006-7195 2 Apache, Redhat 5 Tomcat, Enterprise Linux, Network Satellite and 2 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
CVE-2007-2843 1 Apple 1 Safari 2026-04-23 N/A
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.
CVE-2007-2851 1 Lead Technologies 1 Leadtools Raster Variant Object Library 2026-04-23 N/A
A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method.
CVE-2007-3167 1 Vivotek 1 Mjpegcontrol 2026-04-23 N/A
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
CVE-2006-7190 1 Web-app.net 1 Webapp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc.
CVE-2007-1831 1 Web-app.org 1 Webapp 2026-04-23 N/A
web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING.
CVE-2006-6029 1 Property Pro 1 Property Pro 2026-04-23 N/A
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
CVE-2006-5408 1 Mobilesecure Inc 2 Highwall Endpoint, Highwall Enterprise 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to inject arbitrary HTML or web script via unspecified vectors.
CVE-2006-5933 1 Ultrasite 1 Ultrasite 2026-04-23 N/A
SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0022 1 Apple 1 Mac Os X 2026-04-23 N/A
Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.
CVE-2006-5550 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2026-04-23 N/A
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.
CVE-2007-2580 1 Apple 1 Safari 2026-04-23 N/A
Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.
CVE-2007-1929 1 Gna 1 Beryo 2026-04-23 N/A
Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter.
CVE-2007-1930 1 Cattadoc 1 Cattadoc 2026-04-23 N/A
Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.
CVE-2006-6030 1 Futuretec 1 E-calendar Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp. NOTE: some of these details are obtained from third party information.
CVE-2007-3413 1 Bitego 1 Bosdatagrid 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component.
CVE-2007-2862 1 Devellion 1 Cubecart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.