Export limit exceeded: 20044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363357 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363357 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363357 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0169 1 Broadcom 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite 2026-04-23 N/A
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.
CVE-2006-6766 1 Cwm-design 1 Cwmexplorer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information.
CVE-2007-0170 1 Allmyphp 1 Allmyvisitors 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.
CVE-2007-0462 1 Apple 2 Mac Os X, Quicktime 2026-04-23 N/A
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
CVE-2007-0171 1 Allmylinks Project 1 Allmylinks 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.
CVE-2007-0463 1 Apple 1 Software Update 2026-04-23 N/A
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.
CVE-2006-5167 1 Basilix 1 Basilix Webmail 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.
CVE-2006-6771 1 Irokez 1 Irokez Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/.
CVE-2006-5169 1 Powerportal 1 Powerportal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k1) PowerPortal 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to registering a user. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-6774 1 Ciberia 1 Content Federator 2026-04-23 N/A
PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-5170 3 Debian, Fedoraproject, Redhat 8 Debian Linux, Fedora Core, Enterprise Linux and 5 more 2026-04-23 N/A
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
CVE-2006-6783 1 Logahead 1 Logahead Unu 2026-04-23 N/A
logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information.
CVE-2006-5174 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer.
CVE-2006-6792 1 Mxmania 1 Calendar Mx Basic 2026-04-23 N/A
SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0464 2 Apple, Cfnetwork 2 Mac Os X, Cfnetwork 2026-04-23 N/A
The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.
CVE-2007-0548 1 Karjasoft 1 Sami Http Server 2026-04-23 N/A
KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects.
CVE-2006-5176 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-23 N/A
Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".
CVE-2006-5177 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-23 N/A
The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read.
CVE-2007-1743 1 Apache 1 Http Server 2026-04-23 N/A
suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
CVE-2006-5178 1 Php 1 Php 2026-04-23 N/A
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.