Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4394 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors. | ||||
| CVE-2006-4511 | 1 Novell | 1 Groupwise Messenger | 2026-04-23 | N/A |
| Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." | ||||
| CVE-2006-4509 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. | ||||
| CVE-2006-5079 | 1 Php Arena | 1 Pabugs | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter. | ||||
| CVE-2006-5121 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-23 | N/A |
| SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter. | ||||
| CVE-2006-5125 | 1 Joshua Muheim | 1 Phpmywebmin | 2026-04-23 | N/A |
| Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function. | ||||
| CVE-2006-5126 | 1 Powerportal | 1 Powerportal | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter. | ||||
| CVE-2006-5132 | 1 Phpmyagenda | 1 Phpmyagenda | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009. | ||||
| CVE-2006-5155 | 1 Videodb | 1 Videodb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter. | ||||
| CVE-2006-5171 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Protection Suites | 2026-04-23 | N/A |
| Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172. | ||||
| CVE-2006-5185 | 1 Hamweather | 1 Hamweather | 2026-04-23 | N/A |
| Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function. | ||||
| CVE-2007-3741 | 3 Gnu, Mandriva, Redhat | 3 Gimp, Linux, Enterprise Linux | 2026-04-23 | N/A |
| The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. | ||||
| CVE-2007-3359 | 1 Iptel | 1 Serweb | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2721 | 2 Jasper Jpeg-2000, Redhat | 2 Jasper Jpeg-2000, Enterprise Linux | 2026-04-23 | N/A |
| The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. | ||||
| CVE-2009-1710 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. | ||||
| CVE-2007-2974 | 1 Avira | 2 Antivir, Av Pack | 2026-04-23 | N/A |
| Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around." | ||||
| CVE-2007-2962 | 1 Particle Soft | 1 Particle Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter. | ||||
| CVE-2006-5292 | 1 Exhibit Engine | 1 Exhibit Engine | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | ||||
| CVE-2006-5295 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location." | ||||
| CVE-2009-1693 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." | ||||