Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5828 | 1 Deltascripts | 1 Php Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | ||||
| CVE-2007-4424 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. | ||||
| CVE-2007-0864 | 1 Lushiwarplaner | 1 Lushiwarplaner | 2026-04-23 | N/A |
| SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5473 | 1 Softerra | 1 Php Developer Library | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: this issue is disputed by CVE as of 20061023, since there is no Description.php file included in the product, and the existing "Description" file contains documentation, not functioning code | ||||
| CVE-2006-5932 | 1 Kahua | 1 Kahua | 2026-04-23 | N/A |
| Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts. | ||||
| CVE-2009-3695 | 1 Djangoproject | 1 Django | 2026-04-23 | N/A |
| Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression. | ||||
| CVE-2009-4026 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch." | ||||
| CVE-2006-5930 | 1 Aigaion | 1 Aigaion | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php. | ||||
| CVE-2009-3736 | 2 Gnu, Redhat | 2 Libtool, Enterprise Linux | 2026-04-23 | N/A |
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | ||||
| CVE-2007-1442 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges. | ||||
| CVE-2006-5929 | 1 Phpjobscheduler | 1 Phpjobscheduler | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5927 | 1 Asp Scripter | 2 Easy Portal, Live Support | 2026-04-23 | N/A |
| SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter. | ||||
| CVE-2009-3749 | 1 Websense | 2 Email Security, Personal Email Manager | 2026-04-23 | N/A |
| The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash) by sending a HTTP GET request to TCP port 8181 and closing the socket before the service can send a response. | ||||
| CVE-2006-5926 | 1 Vallheru | 1 Vallheru | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5923 | 1 Chris Mac | 1 Gimescripts Shopping Catalog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter. | ||||
| CVE-2007-2702 | 1 Oracle | 1 Weblogic Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor. | ||||
| CVE-2007-2703 | 1 Oracle | 1 Weblogic Portal | 2026-04-23 | N/A |
| BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources. | ||||
| CVE-2007-3117 | 1 Adplan | 1 Seo | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers. | ||||
| CVE-2006-5907 | 1 Jean-christophe Ramos | 2 Ban, Pls-bannieres | 2026-04-23 | N/A |
| SQL injection vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5906 | 1 Jean-christophe Ramos | 1 Pls-bannieres | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use | ||||