Export limit exceeded: 29932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29932 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3698 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2026-04-23 | N/A |
| The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. | ||||
| CVE-2006-5449 | 1 Horde | 1 Ingo H3 | 2026-04-23 | N/A |
| procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule. | ||||
| CVE-2007-3109 | 1 Microsoft | 2 Frontpage, Office | 2026-04-23 | N/A |
| The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO. | ||||
| CVE-2007-2500 | 1 Gnu | 1 Flash Player | 2026-04-23 | N/A |
| server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. | ||||
| CVE-2007-2529 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL. | ||||
| CVE-2007-3078 | 1 Aigaion | 1 Aigaion | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php. | ||||
| CVE-2006-5765 | 1 Article Script | 1 Article Script | 2026-04-23 | N/A |
| SQL injection vulnerability in rss.php in Article Script 1.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||||
| CVE-2007-3353 | 1 Mywebland | 1 Myevent | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class. | ||||
| CVE-2007-1409 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. | ||||
| CVE-2007-3526 | 1 Vastal I-tech | 1 Buddy Zone | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. | ||||
| CVE-2007-3112 | 1 The Cacti Group | 1 Cacti | 2026-04-23 | N/A |
| graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. | ||||
| CVE-2007-3665 | 1 Symantec | 1 Norton Ghost | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Norton Ghost 12.0 allow remote attackers to cause a denial of service via unspecified vectors involving the UpdateCatalog and other functions. | ||||
| CVE-2006-5774 | 1 Hyper Nikki System | 1 Hyper Nikki System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2007-3113 | 1 The Cacti Group | 1 Cacti | 2026-04-23 | N/A |
| Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112. | ||||
| CVE-2007-3569 | 1 Softlink Europe | 1 Oliver Library Management System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on. | ||||
| CVE-2006-5453 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi. | ||||
| CVE-2006-5603 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-23 | 9.8 Critical |
| SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-1414 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php. | ||||
| CVE-2006-5781 | 1 Iodine | 1 Iodine | 2026-04-23 | N/A |
| Stack-based buffer overflow in the handshake function in iodine 0.3.2 allows remote attackers to execute arbitrary code via a crafted DNS response. | ||||
| CVE-2006-5553 | 1 Cisco | 3 Security Agent, Unified Callmanager, Unified Presence Server | 2026-04-23 | N/A |
| Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options. | ||||