Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5760 3 Redhat, X.org, Xfree86 Project 3 Enterprise Linux, Xserver, Xfree86-misc 2026-04-23 N/A
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
CVE-2007-2507 1 Treble Designs 1 1024 Cms 2026-04-23 N/A
Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter.
CVE-2006-6080 1 Gazatem Technologies 1 Gnews Publisher 2026-04-23 N/A
Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter.
CVE-2006-5033 1 Paul Smith Computer Services 1 Vcap 2026-04-23 N/A
Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding.
CVE-2007-4404 1 Universal Ircd 1 Ircu 2026-04-23 N/A
ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote "names -D" command.
CVE-2007-4406 1 Universal Ircd 1 Ircu 2026-04-23 N/A
ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.
CVE-2007-0433 1 Bea 1 Aqualogic Service Bus 2026-04-23 N/A
Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.
CVE-2007-0434 1 Bea 1 Aqualogic Enterprise Security 2026-04-23 N/A
BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.
CVE-2007-4414 1 Cisco 1 Vpn Client 2026-04-23 N/A
Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.
CVE-2007-4061 1 Nessus 1 Vulnerability Scanner 2026-04-23 N/A
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2007-4416 1 Jemjabella 1 Bellabook 2026-04-23 N/A
captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application
CVE-2007-4422 1 Symantec 1 Enterprise Firewall 2026-04-23 N/A
The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
CVE-2006-6797 1 Microsoft 1 Windows Xp 2026-04-23 N/A
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
CVE-2006-6796 1 Mtcms 1 Mtcms 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
CVE-2006-6795 1 Myphpnuke 1 Myphpnuke My Egallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.
CVE-2006-5034 1 Paul Smith Computer Services 1 Vcap 2026-04-23 N/A
Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2006-5035 1 Paul Smith Computer Services 1 Vcap 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-6871 1 Endonesia 1 Endonesia 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
CVE-2006-6868 1 Zen Cart 1 Web Shopping Cart 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0647 1 Apple 1 Mac Os X 2026-04-23 N/A
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.