Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5932 1 Kahua 1 Kahua 2026-04-23 N/A
Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts.
CVE-2006-5933 1 Ultrasite 1 Ultrasite 2026-04-23 N/A
SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0432 1 Bea 1 Aqualogic Service Bus 2026-04-23 N/A
BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.
CVE-2007-3615 2 Microsoft, Sap 3 All Windows, Internet Communication Manager, Sap Web Application Server 2026-04-23 N/A
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
CVE-2006-5934 1 Iexpress 1 Estate Agent Manager 2026-04-23 N/A
SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field.
CVE-2007-3614 1 Sap 1 Sap Db 2026-04-23 N/A
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
CVE-2007-3598 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo.
CVE-2007-3594 1 Adventnet 1 Manageengine Netflow Analyzer 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.
CVE-2006-5976 1 Drumster 1 Blogme 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information.
CVE-2007-3522 1 Sphpell 1 Sphpell 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php.
CVE-2007-0452 2 Redhat, Samba 2 Enterprise Linux, Samba 2026-04-23 N/A
smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.
CVE-2007-0453 1 Samba 1 Samba 2026-04-23 N/A
Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.
CVE-2007-3521 1 Arcadebuilder 1 Game Portal Manager 2026-04-23 N/A
SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie.
CVE-2007-3520 1 Easybe 1 1-2-3 Music Store 2026-04-23 N/A
SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
CVE-2007-3519 1 Wesmo 1 Phpeventcalendar 2026-04-23 N/A
SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3518 1 Hispah 1 Youtube Clone Script 2026-04-23 N/A
SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6011 1 Sap 1 Sap Web Application Server 2026-04-23 N/A
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
CVE-2007-1043 9 Apple, Ezboo, Hp and 6 more 18 Mac Os X, Webstats, Hp-ux and 15 more 2026-04-23 N/A
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
CVE-2006-6013 5 Dragonflybsd, Freebsd, Midnightbsd and 2 more 5 Dragonflybsd, Freebsd, Midnightbsd and 2 more 2026-04-23 N/A
Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.
CVE-2007-3512 1 Wakwak 1 Lhaca File Archiver 2026-04-23 N/A
Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375.