Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0081 1 Sunbelt 1 Sunbelt Kerio Personal Firewall 2026-04-23 N/A
Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory.
CVE-2007-0082 1 Imgallery 1 Imgallery 2026-04-23 N/A
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
CVE-2006-6456 1 Microsoft 4 Office, Word, Word Viewer and 1 more 2026-04-23 N/A
Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
CVE-2006-6465 1 Wikyblog 1 Wikyblog 2026-04-23 N/A
Directory traversal vulnerability in WBmap.php in WikyBlog 1.3.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. NOTE: CVE disputes this vulnerability because l is validated by ctype_alpha before use
CVE-2007-0415 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.
CVE-2006-6476 1 Mandiant 1 First Response 2026-04-23 N/A
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of daemon operation).
CVE-2007-0416 1 Bea 1 Weblogic Server 2026-04-23 N/A
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
CVE-2006-6479 1 Scriptphp 1 Annoncescripthp 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php.
CVE-2007-0114 1 Sun 1 Java System Content Delivery Server 2026-04-23 N/A
Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.
CVE-2007-0432 1 Bea 1 Aqualogic Service Bus 2026-04-23 N/A
BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.
CVE-2007-0115 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
CVE-2006-6531 1 Drupal 1 Help Tip Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles.
CVE-2007-0433 1 Bea 1 Aqualogic Service Bus 2026-04-23 N/A
Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.
CVE-2006-3974 1 3com 1 3cr860-95 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.
CVE-2006-6599 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.
CVE-2006-6600 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609.
CVE-2007-4370 1 Racer 1 Racer 2026-04-23 N/A
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
CVE-2006-6602 1 Microsoft 2 Windows Explorer, Windows Xp 2026-04-23 N/A
explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file.
CVE-2006-6604 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.
CVE-2006-6605 1 Mailenable 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard 2026-04-23 N/A
Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.