Export limit exceeded: 29852 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29852 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7022 | 1 Fx-app | 1 Fx-app | 2025-04-09 | N/A |
| The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe. | ||||
| CVE-2006-7013 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | N/A |
| QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue | ||||
| CVE-2007-3110 | 1 Beatnik | 1 Beatnik Player | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via an RSS feed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3407 | 1 Sergey Lyubka | 1 Simple Httpd | 2025-04-09 | N/A |
| Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20). | ||||
| CVE-2006-6508 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6511 | 1 Dadaimc | 1 Dadaimc | 2025-04-09 | N/A |
| dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php). | ||||
| CVE-2006-6540 | 1 Bluetrait | 1 Bluetrait | 2025-04-09 | N/A |
| SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-7180 | 1 Madwifi | 1 Madwifi | 2025-04-09 | N/A |
| ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks. | ||||
| CVE-2007-0144 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter. | ||||
| CVE-2007-2727 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. | ||||
| CVE-2007-3633 | 1 Chilkat Software | 1 Chilkat Zip Activex Control | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method. | ||||
| CVE-2007-1947 | 1 Parakey Inc. | 1 Firebug | 2025-04-09 | N/A |
| Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878. | ||||
| CVE-2007-3026 | 1 Panda | 1 Adminsecure | 2025-04-09 | N/A |
| Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. | ||||
| CVE-2009-0649 | 1 Nokia | 2 N95, Symbian S60 Browser | 2025-04-09 | N/A |
| The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method. | ||||
| CVE-2007-3609 | 1 Emeeting | 1 Online Dating Software | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors. | ||||
| CVE-2007-3600 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | N/A |
| WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. | ||||
| CVE-2007-3327 | 1 Bughunter | 1 Http Server | 2025-04-09 | N/A |
| httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space). | ||||
| CVE-2007-3961 | 1 Fsp | 1 C Library | 2025-04-09 | N/A |
| Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added. | ||||
| CVE-2007-3411 | 1 Clicktech | 1 Clickgallery | 2025-04-09 | N/A |
| SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | ||||
| CVE-2007-0661 | 1 Intel | 9 Enterprise Southbridge 2 Bmc, Enterprise Southbridge Bmc, Server Board S5000pal and 6 more | 2025-04-09 | N/A |
| Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service. | ||||