Export limit exceeded: 346703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346703 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0080 | 1 Freeradius | 1 Freeradius | 2026-04-23 | N/A |
| Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute | ||||
| CVE-2007-0084 | 1 Microsoft | 1 Message Compiler | 2026-04-23 | N/A |
| Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed | ||||
| CVE-2007-0108 | 1 Novell | 1 Client | 2026-04-23 | N/A |
| nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. | ||||
| CVE-2007-0110 | 1 Novell | 1 Access Manager Identity Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. | ||||
| CVE-2007-0116 | 1 Digger Solutions | 1 Intranet Open Source | 2026-04-23 | N/A |
| Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb. | ||||
| CVE-2007-0124 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. | ||||
| CVE-2007-0134 | 1 Igeneric | 1 Ig Shop | 2026-04-23 | N/A |
| Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4. | ||||
| CVE-2006-6155 | 1 Hscripts | 1 Hiox Star Rating System Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6152 | 1 Vspin.net | 1 Classified System | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp. | ||||
| CVE-2006-6148 | 1 Jiros | 1 Links Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6147 | 1 Jiros | 1 Links Manager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp. | ||||
| CVE-2006-6123 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected. | ||||
| CVE-2006-6106 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field. | ||||
| CVE-2006-6097 | 2 Gnu, Redhat | 2 Tar, Enterprise Linux | 2026-04-23 | N/A |
| GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | ||||
| CVE-2006-6095 | 1 Dotnetindex | 1 Active News Manager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094. | ||||
| CVE-2006-5265 | 1 Microsoft | 1 Dynamics Gp | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message. | ||||
| CVE-2006-5300 | 1 Hp | 1 Version Control Agent | 2026-04-23 | N/A |
| Unspecified vulnerability in HP Version Control Agent before 2.1.5 allows remote authenticated users to obtain "unauthorized access" to a remote Repository Manager account and potentially gain privileges via unspecified vectors. | ||||
| CVE-2006-5308 | 1 Open Conference Systems | 1 Open Conference Systems | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php. | ||||
| CVE-2006-5310 | 2 J-pierre Dezelus, Phpmyconferences | 2 Les Visiteurs, Phpmyconferences | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. | ||||
| CVE-2006-5316 | 1 Phplibre | 1 Registrotl | 2026-04-23 | N/A |
| registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat. | ||||