Export limit exceeded: 347464 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347464 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1249 | 1 Contelligent | 1 C1 Financial Services | 2026-04-23 | N/A |
| MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components. | ||||
| CVE-2007-2498 | 1 Nullsoft | 1 Winamp | 2026-04-23 | N/A |
| libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5441 | 1 Comdev | 1 Comdev Web Blogger | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-3077 | 1 Eqdkp | 1 Eqdkp | 2026-04-23 | N/A |
| SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter. | ||||
| CVE-2006-5442 | 1 Viewvc | 1 Viewvc | 2026-04-23 | N/A |
| ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view. | ||||
| CVE-2007-1252 | 1 Symantec | 1 Mail Security | 2026-04-23 | N/A |
| Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources. | ||||
| CVE-2007-2499 | 1 Globalmegacorp | 1 Dvddb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php. | ||||
| CVE-2006-5443 | 1 Xiao Gang | 1 Www Interactive Mathematics Server | 2026-04-23 | N/A |
| Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights." | ||||
| CVE-2007-1255 | 1 Connectix | 1 Connectix Boards | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks. | ||||
| CVE-2006-5444 | 1 Digium | 1 Asterisk | 2026-04-23 | N/A |
| Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. | ||||
| CVE-2006-5445 | 1 Digium | 1 Asterisk | 2026-04-23 | N/A |
| Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. | ||||
| CVE-2006-5446 | 1 Casinosoft | 1 Casino Script | 2026-04-23 | N/A |
| SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter. | ||||
| CVE-2006-5447 | 1 Dev | 1 Dev Web Management System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2006-5448 | 1 Microsoft | 1 Windows Digital Rights Management | 2026-04-23 | N/A |
| The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow. | ||||
| CVE-2007-1256 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092. | ||||
| CVE-2006-5449 | 1 Horde | 1 Ingo H3 | 2026-04-23 | N/A |
| procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule. | ||||
| CVE-2007-1262 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. | ||||
| CVE-2007-2500 | 1 Gnu | 1 Flash Player | 2026-04-23 | N/A |
| server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. | ||||
| CVE-2007-3078 | 1 Aigaion | 1 Aigaion | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php. | ||||
| CVE-2007-3353 | 1 Mywebland | 1 Myevent | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class. | ||||