Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5285 1 Xeoport 1 Xeoport 2026-04-23 N/A
SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter.
CVE-2007-2451 1 Linux 1 Linux Kernel 2026-04-23 N/A
Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.
CVE-2007-2452 1 Gnu 1 Findutils 2026-04-23 N/A
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
CVE-2006-5115 1 Kgb 1 Kgb 2026-04-23 N/A
Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter.
CVE-2006-5288 1 Cisco 1 2700 Wireless Location Appliance 2026-04-23 N/A
Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893.
CVE-2007-1241 1 Audins Audiens 1 Audins Audiens 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5292 1 Exhibit Engine 1 Exhibit Engine 2026-04-23 N/A
PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2007-2285 1 Jack Slocum 1 Ext Js 2026-04-23 N/A
Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent.
CVE-2006-5293 1 Phpoutsourcing 1 Noahs Classifieds 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcing Noah's Classifieds 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the frommethod parameter.
CVE-2007-1242 1 Audins Audiens 1 Audins Audiens 2026-04-23 N/A
SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0871 1 Extremepow 1 Extreme File Hosting 2026-04-23 N/A
Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.
CVE-2006-5299 1 Gcontact 1 Gcontact 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-5208 1 Deltascripts 1 Php Classifieds 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow remote attackers to execute arbitrary SQL commands via (1) the catid_search parameter in search.php and (2) the catid parameter in index.php.
CVE-2007-2466 1 Sun 2 Java System Directory Server, One Directory Server 2026-04-23 N/A
Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings.
CVE-2007-2467 1 Zonelabs 1 Zonealarm 2026-04-23 N/A
ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access.
CVE-2006-5122 1 Hp 1 Mercury Sitescope 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.
CVE-2007-2469 1 Filerun 1 Filerun 2026-04-23 N/A
SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.
CVE-2007-1244 1 Wordpress 1 Wordpress 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
CVE-2006-5147 1 Vamp Webmail 1 Vamp Webmail 2026-04-23 N/A
PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter.
CVE-2007-1669 2 Amavis, Barracuda Networks 2 Amavis, Barracuda Spam Firewall 2026-04-23 N/A
zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.