Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3790 1 Php 1 Php 2026-04-23 N/A
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
CVE-2006-3455 1 Symantec 2 Client Security, Norton Antivirus 2026-04-23 N/A
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.
CVE-2007-2514 3 Centennial, Numara, Symantec 3 Discovery, Asset Manager, Discovery 2026-04-23 N/A
Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173.
CVE-2006-5640 1 Techno Dreams 1 Techno Dreams Guest Book 2026-04-23 N/A
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2007-3792 1 Azerbaijan Development Group 1 Azdgdating 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/.
CVE-2007-2012 1 Mimarsinan 1 Comprexx 2026-04-23 N/A
Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive.
CVE-2007-1854 1 Hitachi 7 Cosminexus Component Container, Electronic Form Workflow, Ucosminexus Application Server and 4 more 2026-04-23 N/A
Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in uCosminexus Application Server Enterprise and Standard; uCosminexus Service Platform; uCosminexus Developer Standard and Professional; uCosminexus Service Architect; Electronic Form Workflow Standard Set, Professional Library Set, and Developer Client Set; and uCosminexus ERP Integrator, does not properly manage session information, which has an unspecified impact related to "unintended other requests."
CVE-2006-5799 1 Xenis 1 Xenis.creator Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters.
CVE-2007-3793 1 Hitachi 1 Jp1-netm-dm Manager 2026-04-23 N/A
SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-6936 1 Pensacola Web Designs 1 Xtremeasp Photogallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032.
CVE-2007-1448 1 Broadcom 1 Brightstor Arcserve Backup 2026-04-23 N/A
The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.
CVE-2007-2520 1 Frank Mancuso 1 Mynews 2026-04-23 N/A
SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.
CVE-2006-6987 1 Softinform 1 Finebrowser 2026-04-23 N/A
Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
CVE-2006-5805 1 Microsoft 1 Ie 2026-04-23 N/A
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
CVE-2007-0558 1 Inter7 1 Vhostadmin 2026-04-23 N/A
PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter.
CVE-2006-5678 2 J-pierre Dezelus, Phpmyconferences 2 Les Visiteurs, Phpmyconferences 2026-04-23 9.8 Critical
PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_modules_dir parameter. NOTE: CVE disputes this vulnerability, because the inclusion occurs in a function that is not called during a direct request to library.inc.php
CVE-2006-6233 1 Postnuke Software Foundation 1 Postnuke 2026-04-23 N/A
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
CVE-2006-5896 1 Remlab 1 Web Mech Designer 2026-04-23 N/A
REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message.
CVE-2007-1462 2 Conga, Redhat 3 Conga, Linux, Rhel Cluster 2026-04-23 N/A
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
CVE-2007-1484 1 Php 1 Php 2026-04-23 N/A
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.