Export limit exceeded: 364922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5887 1 Dynamic Dataworx 1 Nuschool 2026-04-23 N/A
SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
CVE-2007-1033 1 Drupal 1 Secure Site Module 2026-04-23 N/A
Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL.
CVE-2007-4176 1 Eqdkp 1 Eqdkp Plus 2026-04-23 N/A
Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors.
CVE-2006-6907 1 Bluesoil Bluetooth 1 Bluesoil Bluetooth 2026-04-23 N/A
Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors.
CVE-2006-5889 1 Brewblogger 1 Brewblogger 2026-04-23 N/A
SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0389 1 Arsdigita 2 Arsdigita Community Education Solution, Arsdigita Community System 2026-04-23 N/A
Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.
CVE-2006-5890 1 Superfreaker Studios 1 Usupport 2026-04-23 N/A
SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3864 2 Microsoft, Sun 3 Windows, Jdk, Jre 2026-04-23 N/A
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
CVE-2006-5892 1 The Net Guys 1 Aspired2poll 2026-04-23 N/A
SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2940 2 Pygresql, Python 2 Pygresql, Python 2026-04-23 N/A
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
CVE-2006-5893 1 Iwonder Designs 1 Storystream 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/.
CVE-2007-0391 1 Bitdefender 1 Bitdefender Client 2026-04-23 N/A
Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.
CVE-2006-6649 1 Hypervm 1 Hypervm 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the severity of the issue, or its existence.
CVE-2006-5894 1 Rama Cms 1 Rama Cms 2026-04-23 N/A
Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
CVE-2007-3479 1 Pc Soft 1 Windev 2026-04-23 N/A
Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file.
CVE-2006-5919 1 Activecampaign 1 Knowledgebuilder 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the visEdit_root parameter, a different vector than CVE-2003-1131.
CVE-2006-6650 1 Mxbb 1 Mxbb Charts 2026-04-23 N/A
PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2007-0873 1 Nabocorp 1 Nabopoll 2026-04-23 N/A
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.
CVE-2006-5920 1 Yuuki Yoshizawa 1 Exporia 2026-04-23 N/A
PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: SecurityFocus disputes this issue, saying "further analysis reveals that the application is not vulnerable." NOTE: this issue may overlap CVE-2006-5113
CVE-2007-1189 1 Bell Labs 1 Plan 9 2026-04-23 N/A
Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.