Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5152 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.
CVE-2007-4060 1 Frank Yaul 1 Corehttp 2026-04-23 N/A
Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request.
CVE-2006-7057 1 Sphider 1 Sphider 2026-04-23 N/A
SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might be primary to CVE-2006-2506.2.
CVE-2007-1187 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches.
CVE-2007-1188 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking".
CVE-2009-0649 1 Nokia 2 N95, Symbian S60 Browser 2026-04-23 N/A
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
CVE-2007-2613 1 Wikkawiki 1 Wikkawiki 2026-04-23 N/A
WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.
CVE-2006-6445 1 Envolution 1 Envolution 2026-04-23 N/A
Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
CVE-2007-4061 1 Nessus 1 Vulnerability Scanner 2026-04-23 N/A
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2007-2608 1 Miplex2 1 Miplex2 2026-04-23 N/A
PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter.
CVE-2007-2607 1 Lavague 1 Lavague 2026-04-23 N/A
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter.
CVE-2007-2685 1 Jetbox 1 Jetbox Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.
CVE-2007-2689 1 Checkpoint 1 Web Intelligence 2026-04-23 N/A
Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
CVE-2007-2606 1 Firebirdsql 1 Firebird 2026-04-23 N/A
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.
CVE-2007-4069 1 Index Script 1 Index Script 2026-04-23 N/A
SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-7014 1 Fhttpd 1 Fhttpd 2026-04-23 N/A
fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value.
CVE-2007-4070 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.
CVE-2008-6564 1 Nortel 2 Communication Server 1000, Unistim Protocol 2026-04-23 N/A
Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks.
CVE-2007-2605 1 Brujula Toolbar 1 Brujula Toolbar 2026-04-23 N/A
Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments.
CVE-2007-2601 1 Divx City 1 Gdivx Zenith Player 2026-04-23 N/A
Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value.