Export limit exceeded: 29843 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29843 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5658 | 1 Studio Achtundachtzig | 1 Bloomooweb Activex Control | 2025-04-09 | N/A |
| BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method. | ||||
| CVE-2006-5009 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow. | ||||
| CVE-2007-2441 | 1 Caucho Technology | 1 Resin | 2025-04-09 | N/A |
| Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. | ||||
| CVE-2007-1014 | 1 Vicftps | 1 Vicftps | 2025-04-09 | N/A |
| Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command. | ||||
| CVE-2006-5664 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2025-04-09 | N/A |
| The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. | ||||
| CVE-2007-2612 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-09 | N/A |
| SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation." | ||||
| CVE-2006-5011 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine". | ||||
| CVE-2007-1236 | 1 Sitex | 1 Sitex | 2025-04-09 | N/A |
| sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages. | ||||
| CVE-2007-2344 | 1 Enterasys | 2 Netsight Console, Netsight Inventory Manager | 2025-04-09 | N/A |
| The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field. | ||||
| CVE-2006-5019 | 1 Google | 1 Mini Search Appliance | 2025-04-09 | N/A |
| Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message. | ||||
| CVE-2006-4248 | 1 Acme Labs | 1 Thttpd | 2025-04-09 | N/A |
| thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file. | ||||
| CVE-2006-4251 | 1 Powerdns | 1 Recursor | 2025-04-09 | N/A |
| Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length. | ||||
| CVE-2006-4252 | 1 Powerdns | 1 Recursor | 2025-04-09 | N/A |
| PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop. | ||||
| CVE-2006-4250 | 1 Debian | 1 Debian Linux | 2025-04-09 | N/A |
| Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag. | ||||
| CVE-2006-4247 | 1 Plone | 1 Plone | 2025-04-09 | N/A |
| Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." | ||||
| CVE-2006-5253 | 1 Dayana Networks | 1 Phponline | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in strload.php in Dayana Networks phpOnline (aka PHP-Online) 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the LangFile parameter. | ||||
| CVE-2007-2622 | 1 Taskdriver | 1 Taskdriver | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php. | ||||
| CVE-2007-2746 | 1 Plain Black | 1 Webgui | 2025-04-09 | N/A |
| The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact. | ||||
| CVE-2007-1963 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2025-04-09 | N/A |
| SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. | ||||
| CVE-2007-2843 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. | ||||