Export limit exceeded: 354852 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (354852 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5563 | 1 Yahoo | 1 Messenger | 2026-04-23 | N/A |
| Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-1304 | 1 Savas Place | 1 Savas Guestbook | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters. | ||||
| CVE-2007-2521 | 1 E-gads | 1 E-gads | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter. | ||||
| CVE-2007-3087 | 1 Peercast | 1 Peercast | 2026-04-23 | N/A |
| Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information. | ||||
| CVE-2007-3356 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2026-04-23 | N/A |
| NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) via certain requests that reveal the table name and complete query, related to the Halt_On_Error setting in Mysql_db.php. | ||||
| CVE-2007-3529 | 1 Phpdirector | 1 Phpdirector | 2026-04-23 | N/A |
| videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message. | ||||
| CVE-2007-3669 | 1 Innovasys | 1 Dockstudioxp | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control have unspecified attack vectors and impact, including a denial of service via "improper use" of the SaveToFile function. | ||||
| CVE-2007-3751 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors. | ||||
| CVE-2007-1305 | 1 Savas Place | 1 Savas Guestbook | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters. | ||||
| CVE-2007-2522 | 1 Broadcom | 3 Antispyware For The Enterprise, Etrust Integrated Threat Management, Etrust Pestpatrol | 2026-04-23 | N/A |
| Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | ||||
| CVE-2007-3088 | 1 Gaya Design | 1 Comicsense | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter. | ||||
| CVE-2007-3357 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2026-04-23 | N/A |
| NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors. | ||||
| CVE-2007-3530 | 1 Phpdirector | 1 Phpdirector | 2026-04-23 | N/A |
| PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file. | ||||
| CVE-2007-3670 | 2 Microsoft, Mozilla | 2 Internet Explorer, Firefox | 2026-04-23 | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data." | ||||
| CVE-2006-5564 | 1 Maxdev | 1 Md-pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5565 | 1 Maxdev | 1 Md-pro | 2026-04-23 | N/A |
| CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-1306 | 1 Digium | 1 Asterisk | 2026-04-23 | N/A |
| Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. | ||||
| CVE-2007-2523 | 2 Broadcom, Ca | 2 Integrated Threat Management, Anti-virus For The Enterprise | 2026-04-23 | N/A |
| CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0. | ||||
| CVE-2007-3089 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568. | ||||
| CVE-2007-3358 | 1 Iptel | 1 Serweb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter. | ||||