Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2432 | 1 Nukedit | 1 Nukedit | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6530 | 1 Ezonescripts | 1 Living Local | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | ||||
| CVE-2007-2433 | 1 Ariadne | 1 Ariadne Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2438 | 3 Foresight Linux, Redhat, Vim Development Group | 3 Foresight Linux, Enterprise Linux, Vim | 2026-04-23 | N/A |
| The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | ||||
| CVE-2007-2443 | 4 Canonical, Debian, Mit and 1 more | 4 Ubuntu Linux, Debian Linux, Kerberos 5 and 1 more | 2026-04-23 | N/A |
| Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | ||||
| CVE-2007-2468 | 1 Hp | 1 Openvms | 2026-04-23 | N/A |
| Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions." | ||||
| CVE-2007-2467 | 1 Zonelabs | 1 Zonealarm | 2026-04-23 | N/A |
| ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access. | ||||
| CVE-2007-1390 | 1 Dynaliens | 1 Dynaliens | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3. | ||||
| CVE-2006-7133 | 1 Php Upload Tool | 1 Php Upload Tool | 2026-04-23 | N/A |
| Directory traversal vulnerability in upload/bin/download.php in Upload Tool for PHP 1.0 allows remote attackers to read arbitrary files via (1) ".." sequences or (2) absolute pathnames in the filename parameter. | ||||
| CVE-2009-3100 | 2 Sun, X.org | 3 Opensolaris, Solaris, X11 | 2026-04-23 | N/A |
| xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. | ||||
| CVE-2006-7141 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability | ||||
| CVE-2006-6889 | 1 Freestyle | 1 Freestyle Wiki | 2026-04-23 | N/A |
| FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat. | ||||
| CVE-2007-1671 | 1 Avira | 1 Antivir Personal | 2026-04-23 | N/A |
| avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | ||||
| CVE-2008-2281 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-23 | N/A |
| Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document. | ||||
| CVE-2006-6598 | 1 Torrentflux | 2 Torrentflux, Torrentflux-b4rt | 2026-04-23 | N/A |
| Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328. | ||||
| CVE-2006-6708 | 1 Mginternet | 1 Property Site Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2006-6545 | 1 Php | 1 Errordocs | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2007-0863 | 1 Trevorchan | 1 Trevorchan | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php | ||||
| CVE-2007-1243 | 1 Audins Audiens | 1 Audins Audiens | 2026-04-23 | N/A |
| Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6599 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter. | ||||