Export limit exceeded: 364439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7040 1 Atrium Software 1 Mercur Messaging 2005 2026-04-23 N/A
Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service.
CVE-2007-2784 1 Globus 1 Globus Toolkit 2026-04-23 N/A
Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications.
CVE-2007-3555 1 Moodle 1 Moodle 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.
CVE-2006-7039 2 Atrium Software, Microsoft 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more 2026-04-23 N/A
The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.
CVE-2007-0792 1 Mozilla 1 Bugzilla 2026-04-23 N/A
The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
CVE-2007-0773 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2026-04-23 N/A
The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.
CVE-2006-5073 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.
CVE-2006-7038 1 Atrium Software 1 Mercur Messaging 2005 2026-04-23 N/A
Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.
CVE-2007-0338 1 Bolintech 1 Dreamftp Server 2026-04-23 N/A
Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log.
CVE-2007-0798 1 Uapplication 1 Ublog Reload 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp.
CVE-2006-7035 1 Super Link Exchange Script 1 Super Link Exchange Script 2026-04-23 N/A
Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter.
CVE-2007-1058 1 Online Web Building 1 Online Web Building 2026-04-23 N/A
SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.
CVE-2007-2025 1 Phpwiki 1 Phpwiki 2026-04-23 N/A
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
CVE-2007-0340 1 Thwboard 1 Thwboard 2026-04-23 N/A
SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
CVE-2007-2026 2 Amavis, Gentoo 2 Virus Scanner, File 2026-04-23 N/A
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
CVE-2006-4099 1 Businessobjects 1 Crystal Enterprise 2026-04-23 N/A
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
CVE-2007-4410 1 Universal Ircd 1 Ircu 2026-04-23 N/A
ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.
CVE-2007-4399 1 Irssi 1 Irssi 2026-04-23 N/A
CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2007-4397 6 Irssi, Kristof Korwisi, Mikachu and 3 more 7 Irssi, Ixmmsa, L33t Xmms Music Showing Script and 4 more 2026-04-23 N/A
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2007-3947 1 Lighttpd 1 Lighttpd 2026-04-23 N/A
request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.