Export limit exceeded: 29845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7011 | 1 Develooping | 1 Flash Chat | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value | ||||
| CVE-2006-6916 | 1 Getahead | 1 Direct Web Remoting | 2025-04-09 | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input." | ||||
| CVE-2007-3835 | 1 Exlibris Group | 1 Metalib | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search. | ||||
| CVE-2006-6762 | 1 Novell | 1 Netmail | 2025-04-09 | N/A |
| The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. | ||||
| CVE-2006-4808 | 1 Enlightenment | 1 Imlib2 | 2025-04-09 | N/A |
| Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image. | ||||
| CVE-2006-4843 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. | ||||
| CVE-2006-6027 | 1 Adobe | 1 Acrobat Reader | 2025-04-09 | N/A |
| Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. | ||||
| CVE-2006-6489 | 1 Sisco | 5 Ax-s4 Iccp, Ax-s4 Mms, Iccp Toolkit and 2 more | 2025-04-09 | N/A |
| The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets. | ||||
| CVE-2006-5484 | 1 Ssh | 4 Tectia Client, Tectia Connector, Tectia Manager and 1 more | 2025-04-09 | N/A |
| SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. | ||||
| CVE-2006-4810 | 2 Gnu, Redhat | 2 Texinfo, Enterprise Linux | 2025-04-09 | N/A |
| Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | ||||
| CVE-2006-5393 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 5.5 Medium |
| Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session. | ||||
| CVE-2006-4813 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked. | ||||
| CVE-2006-6252 | 1 Microsoft | 1 Windows Live Messenger | 2025-04-09 | N/A |
| Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons. | ||||
| CVE-2006-6256 | 1 Alternc | 1 Alternc | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name. | ||||
| CVE-2006-6266 | 1 Microsoft | 1 Teredo | 2025-04-09 | N/A |
| Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties. | ||||
| CVE-2006-6278 | 1 Alexphpteam | 1 Alex Guestbook | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in @lex Guestbook 4.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter. | ||||
| CVE-2006-7194 | 1 Republique Francaise | 1 Agora | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter. | ||||
| CVE-2007-0506 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2025-04-09 | N/A |
| The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests. | ||||
| CVE-2007-0511 | 1 Phpxmldom | 1 Phpxmldom | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/. | ||||
| CVE-2007-0517 | 1 Scriptsez | 1 Random Php Quote | 2025-04-09 | N/A |
| Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt. | ||||