Export limit exceeded: 367196 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367196 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367196 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3124 1 Freevms 1 Freevms 2026-04-23 N/A
Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in FreeVMS before 0.3.6 might allow local users to gain privileges via a long string in response to an "extract [ny]" prompt.
CVE-2007-3576 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar.
CVE-2006-6117 1 Fipsasp 1 Fipsgallery 2026-04-23 N/A
SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter.
CVE-2007-1484 1 Php 1 Php 2026-04-23 N/A
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.
CVE-2006-6091 1 Grimbb 1 Grimbb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-1473 1 Horde 1 Horde Application Framework 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
CVE-2007-1472 1 T-systems Solutions For Research Gmbh 1 Groupit 2026-04-23 N/A
Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath parameter to (1) content.php, (2) userprofile.php, (3) password.php, (4) dispatch.php, and (5) deliver.php in html/, and possibly (6) load.inc.php and related files.
CVE-2007-3122 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
CVE-2006-6084 1 Unverse.net 1 Abitwhizzy 2026-04-23 N/A
Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-1471 1 Orion-blog 1 Orion-blog 2026-04-23 N/A
admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.
CVE-2007-1470 1 Netsw 1 Libftp 2026-04-23 N/A
Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote attackers to execute arbitrary code via certain long arguments to the (1) FtpArchie, (2) FtpDebugDebug, (3) FtpOpenDir, (4) FtpSize, or (5) FtpChmod function.
CVE-2006-6060 1 Linux 1 Linux Kernel 2026-04-23 N/A
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.
CVE-2006-6058 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.
CVE-2006-6055 1 D-link 1 Dwl-g132 2026-04-23 N/A
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
CVE-2006-5879 1 Aspportal 1 Aspportal 2026-04-23 N/A
SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
CVE-2006-5881 1 Dynamic Dataworx 1 Nucommunity 2026-04-23 N/A
SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter.
CVE-2006-5882 2 Broadcom, Linksys 2 Bcmwl5.sys Wireless Device Driver, Wpc300n Wireless-n Notebook Adapter Driver 2026-04-23 N/A
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field.
CVE-2006-5883 1 Cpanel 1 Cpanel 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
CVE-2006-5884 1 Microsoft 2 Ie, Internet Explorer 2026-04-23 N/A
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
CVE-2006-5886 1 Dynamic Dataworx 1 Nurealestate 2026-04-23 N/A
SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter.