Export limit exceeded: 363333 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363333 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5147 | 1 Vamp Webmail | 1 Vamp Webmail | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter. | ||||
| CVE-2006-6597 | 1 Hilgraeve | 1 Hyperaccess | 2026-04-23 | N/A |
| Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe. | ||||
| CVE-2006-6598 | 1 Torrentflux | 2 Torrentflux, Torrentflux-b4rt | 2026-04-23 | N/A |
| Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328. | ||||
| CVE-2007-0145 | 1 Bingo News | 1 Bingo News | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649. | ||||
| CVE-2006-6599 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter. | ||||
| CVE-2006-6600 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609. | ||||
| CVE-2006-6601 | 2 Microsoft, Windows | 2 Windows Xp, Media Player | 2026-04-23 | N/A |
| Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0. | ||||
| CVE-2007-0445 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2026-04-23 | N/A |
| Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives. | ||||
| CVE-2006-6602 | 1 Microsoft | 2 Windows Explorer, Windows Xp | 2026-04-23 | N/A |
| explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file. | ||||
| CVE-2006-6603 | 1 Yahoo | 1 Messenger | 2026-04-23 | N/A |
| Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. | ||||
| CVE-2007-0146 | 1 Fix And Chips Computer Services | 1 Fix And Chips Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php. | ||||
| CVE-2006-6604 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328. | ||||
| CVE-2006-6605 | 1 Mailenable | 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard | 2026-04-23 | N/A |
| Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. | ||||
| CVE-2007-0147 | 1 Cuyahoga | 1 Cuyahoga | 2026-04-23 | N/A |
| Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles. | ||||
| CVE-2006-6606 | 1 Clarens | 1 Jclarens | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-6607 | 1 Ibm | 1 Tivoli Identity Manager | 2026-04-23 | N/A |
| The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. | ||||
| CVE-2006-6613 | 1 Phpalbum.net | 1 Phpalbum | 2026-04-23 | N/A |
| Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | ||||
| CVE-2006-6620 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2026-04-23 | N/A |
| Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | ||||
| CVE-2007-0148 | 1 Omnigroup | 1 Omniweb | 2026-04-23 | N/A |
| Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function. | ||||
| CVE-2007-0446 | 1 Hp | 3 Mercury Loadrunner Agent, Mercury Monitor Over Firewall, Mercury Performance Center Agent | 2026-04-23 | N/A |
| Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll. | ||||