Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5370 | 1 Oracle | 1 E-business Suite | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS06 for Oracle CRM Gateway for Mobile Devices and (2) APPS08 for Oracle iStore. | ||||
| CVE-2006-7111 | 1 Futomis Cgi Cafe | 1 Kmail Cgi | 2026-04-23 | N/A |
| Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors. | ||||
| CVE-2007-2933 | 1 Phil-a-form | 1 Phil-a-form | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter. | ||||
| CVE-2006-7110 | 1 Drupal | 1 Imce Module | 2026-04-23 | N/A |
| Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences. | ||||
| CVE-2007-1453 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer. | ||||
| CVE-2006-7099 | 1 Solarpay | 1 Solarpay | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2938 | 2 Honeywell, Microsoft | 2 Ademco Atnbaseloader100 Module, Internet Explorer | 2026-04-23 | N/A |
| Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods. | ||||
| CVE-2008-1032 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. | ||||
| CVE-2007-2941 | 1 Michael Brandon | 1 Vbgsitemap | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php. | ||||
| CVE-2006-7097 | 1 Taskfreak | 1 Taskfreak | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors. | ||||
| CVE-2006-4099 | 1 Businessobjects | 1 Crystal Enterprise | 2026-04-23 | N/A |
| Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. | ||||
| CVE-2007-3163 | 1 Frederico Caldeira Knabben | 1 Fckeditor | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. | ||||
| CVE-2007-3164 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar. | ||||
| CVE-2007-3175 | 1 W2b | 1 Online Banking | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b. | ||||
| CVE-2007-3613 | 1 Sap | 1 Internet Graphics Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. | ||||
| CVE-2007-3178 | 1 Zindizayn Okul Web Sistemi | 1 Zindizayn Okul Web Sistemi | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp. | ||||
| CVE-2008-4584 | 1 Chilkat Software | 1 Mail | 2026-04-23 | N/A |
| Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method. | ||||
| CVE-2007-3607 | 1 Sap | 1 Enjoysap | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors. | ||||
| CVE-2007-3179 | 1 Particle Blogger | 1 Particle Blogger | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors. | ||||
| CVE-2008-4586 | 1 Acresso | 1 Flexnet Connect | 2026-04-23 | N/A |
| Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method. | ||||