Export limit exceeded: 19661 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6717 1 Alliedtelesyn 1 At-9000 24 Ethernetswitch 2026-04-23 N/A
The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations.
CVE-2006-6015 1 Apple 1 Mac Os X 2026-04-23 N/A
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
CVE-2007-4447 1 Toribash 1 Toribash 2026-04-23 N/A
Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character.
CVE-2006-1311 1 Microsoft 5 Learning Essentials, Office, Windows 2000 and 2 more 2026-04-23 N/A
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
CVE-2007-4323 1 Denyhosts 1 Denyhosts 2026-04-23 N/A
DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301.
CVE-2007-3663 1 Media Player Classic 1 Media Player Classic 2026-04-23 N/A
Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MPA file.
CVE-2008-5086 2 Libvirt, Redhat 2 Libvirt, Rhel Virtualization 2026-04-23 N/A
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
CVE-2006-3436 1 Microsoft 1 .net Framework 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
CVE-2007-2695 1 Bea 1 Weblogic Server 2026-04-23 N/A
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
CVE-2007-1298 1 Aj Square 1 Ajauction 2026-04-23 N/A
SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
CVE-2007-0702 1 Phpeventman 1 Phpeventman 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.
CVE-2006-6950 1 Conti 1 Ftpserver 2026-04-23 N/A
Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument.
CVE-2006-6964 1 Mailenable 1 Mailenable Professional 2026-04-23 N/A
MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
CVE-2009-0077 1 Microsoft 2 Forefront Threat Management Gateway, Internet Security And Acceleration Server 2026-04-23 N/A
The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."
CVE-2007-1296 1 Aj Square 1 Aj Classifieds 2026-04-23 N/A
SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.
CVE-2007-1297 1 Aj Square 1 Ajdating 2026-04-23 N/A
SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2009-1440 1 Amule 1 Amule 2026-04-23 N/A
Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename.
CVE-2006-6996 1 The War Forge 1 Warforge.news 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-4927 1 Symantec 2 Naveng Driver, Navex15 Driver 2026-04-23 N/A
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
CVE-2006-6342 1 Klf-design 1 Klf-realty 2026-04-23 N/A
Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp.