Export limit exceeded: 29930 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29930 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4872 | 1 Simplenews | 1 Simplenews | 2026-04-23 | N/A |
| SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages. | ||||
| CVE-2009-1522 | 2 Ibm, Microsoft | 3 Aix, Tivoli Storage Manager Client, Windows | 2026-04-23 | N/A |
| The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. | ||||
| CVE-2007-1869 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. | ||||
| CVE-2006-5016 | 1 E-vision | 1 E-vision Cms | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory. | ||||
| CVE-2007-4658 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2026-04-23 | N/A |
| The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | ||||
| CVE-2009-4074 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability." | ||||
| CVE-2006-5028 | 1 Swsoft | 2 Plesk, Plesk Reload | 2026-04-23 | N/A |
| Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action. | ||||
| CVE-2009-0217 | 4 Ibm, Mono Project, Oracle and 1 more | 9 Websphere Application Server, Mono, Application Server and 6 more | 2026-04-23 | N/A |
| The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. | ||||
| CVE-2009-1203 | 1 Cisco | 1 Adaptive Security Appliance | 2026-04-23 | N/A |
| WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. | ||||
| CVE-2007-2060 | 1 Wizz Computers | 1 Wizz Rss Reader | 2026-04-23 | N/A |
| Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM. | ||||
| CVE-2006-6871 | 1 Endonesia | 1 Endonesia | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php. | ||||
| CVE-2006-6873 | 1 Endonesia | 1 Endonesia | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation. | ||||
| CVE-2009-1381 | 1 Squirrelmail | 3 Imap General.php, Squirrelmail, Squirrelmail1.4.19-1 | 2026-04-23 | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579. | ||||
| CVE-2007-4944 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript. | ||||
| CVE-2006-6879 | 1 Php-update | 1 Php-update | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. | ||||
| CVE-2006-6202 | 1 Nukeai | 1 Nukeai | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter. | ||||
| CVE-2009-1681 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. | ||||
| CVE-2006-6758 | 1 Http Explorer | 1 Http Explorer Web Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI. | ||||
| CVE-2006-6755 | 1 Ixprim | 1 Ixprim Cms | 2026-04-23 | N/A |
| Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message. | ||||
| CVE-2006-6765 | 1 Pagetool | 1 Pagetool | 2026-04-23 | N/A |
| Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter. | ||||