Export limit exceeded: 366290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0311 1 Texas Imperial Software 2 Wftpd, Wftpd Pro Server 2026-04-23 N/A
Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command.
CVE-2007-0312 1 Wcsimple Poll 1 Wcsimple Poll 2026-04-23 N/A
wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.
CVE-2007-5248 2 Id Software, Take2games 3 Doom 3, Quake 4, Prey 2026-04-23 N/A
Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
CVE-2007-0313 1 Gonicus 1 Gonicus System Administration 2026-04-23 N/A
Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.
CVE-2007-5259 1 Ilient 1 Sysaid 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5293 1 Idmos 1 Idmos 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php.
CVE-2007-0321 1 Macrovision 1 Flexnet Connect 2026-04-23 N/A
Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.
CVE-2007-5297 1 Minki 1 Minki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2007-6260 1 Oracle 1 Database Server 2026-04-23 N/A
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
CVE-2007-0324 1 Lizardtech 1 Djvu Browser Plug-in 2026-04-23 N/A
Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-5117 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.
CVE-2007-0326 1 Photochannel 1 Pni Digital Media Upload Plugin Activex Control 2026-04-23 N/A
Multiple stack-based buffer overflows in the PhotoChannel Networks PNI Digital Media Photo Upload Plugin ActiveX control before 2.0.0.10, as used by multiple retailers, allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-0339 1 Scriptme 1 Sme Filemailer 2026-04-23 N/A
SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information.
CVE-2006-5119 1 Zen Cart 1 Zen Cart 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/password_forgotten.php.
CVE-2006-5120 1 Scott Metoyer 1 Red Mombin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php.
CVE-2007-0346 1 Sme 1 Filemailer 2026-04-23 N/A
SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter.
CVE-2007-0349 1 Nicecoder 1 Indexu 2026-04-23 N/A
Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter.
CVE-2006-5122 1 Hp 1 Mercury Sitescope 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.
CVE-2006-5123 1 Phprojekt 1 Phprojekt 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609.
CVE-2007-1566 1 Netvios 1 Netvios 2026-04-23 N/A
SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954.