Export limit exceeded: 363449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5197 1 Pdshoppro 1 Pdshoppro 2026-04-23 N/A
PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb.
CVE-2006-5201 1 Sun 9 Jdk, Jre, Jsse and 6 more 2026-04-23 N/A
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.
CVE-2006-5202 1 Linksys 1 Wrt54g 2026-04-23 N/A
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
CVE-2006-5203 1 Invision Power Services 1 Invision Power Board 2026-04-23 N/A
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
CVE-2007-0940 1 Microsoft 2 Biztalk Server, Capicom 2026-04-23 N/A
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
CVE-2007-1173 3 Centennial, Numara, Symantec 3 Discovery, Asset Manager, Discovery 2026-04-23 N/A
Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet.
CVE-2007-0101 1 Spine 1 Spine 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-1756 1 Microsoft 3 Excel, Excel Viewer, Office 2026-04-23 N/A
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
CVE-2007-1903 1 Sonicbb 1 Sonicbb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.
CVE-2007-2439 1 Caucho Technology 1 Resin 2026-04-23 N/A
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension.
CVE-2007-2440 1 Caucho Technology 1 Resin 2026-04-23 N/A
Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.
CVE-2007-2568 1 Vcdgear 1 Vcdgear 2026-04-23 N/A
Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file.
CVE-2007-2696 1 Bea 1 Weblogic Server 2026-04-23 N/A
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
CVE-2007-2701 1 Bea 1 Weblogic Server 2026-04-23 N/A
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."
CVE-2007-1020 1 Cedstat 1 Cedstat 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter.
CVE-2007-2705 1 Bea 2 Weblogic Integration, Weblogic Workshop 2026-04-23 N/A
Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.
CVE-2007-0128 1 Digiappz 1 Digirez 2026-04-23 N/A
SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
CVE-2007-2711 1 Tinyirc 1 Tinyidentd 2026-04-23 N/A
Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113.
CVE-2007-2712 1 Mh Software 1 Connect Daily 2026-04-23 N/A
Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors.
CVE-2007-2713 1 Ifusionservices 1 Ifdate 2026-04-23 N/A
ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.