Export limit exceeded: 363262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5549 1 Adobe 1 Adobe Php Ria Sdk 2026-04-23 N/A
PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant
CVE-2006-5553 1 Cisco 3 Security Agent, Unified Callmanager, Unified Presence Server 2026-04-23 N/A
Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options.
CVE-2007-4111 1 Codewidgets 1 Real Estate Listing Website Application Template 2026-04-23 N/A
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2006-4177 1 Novell 1 Edirectory 2026-04-23 N/A
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.
CVE-2007-4116 1 Metyus 1 Forum Portal 2026-04-23 N/A
SQL injection vulnerability in philboard_forum.asp in Metyus Forum Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might be related to CVE-2007-0920 or CVE-2007-3884.
CVE-2007-0570 1 Johannes Gijsbers 1 Ad Fundum Integratable News Script 2026-04-23 N/A
PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter.
CVE-2007-0578 1 Mpg123 1 Mpg123 2026-04-23 N/A
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
CVE-2006-5609 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.
CVE-2006-5610 1 Fully Modded Phpbb 1 Fully Modded Phpbb 2026-04-23 9.8 Critical
PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-6476 1 Mandiant 1 First Response 2026-04-23 N/A
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of daemon operation).
CVE-2006-5617 1 Thepeak 1 Thepeak File Upload Manager 2026-04-23 N/A
Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter.
CVE-2006-5632 1 Ig Shop 1 Ig Shop 2026-04-23 6.1 Medium
Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5641 1 Techno Dreams 1 Announcement Script 2026-04-23 N/A
SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2007-1338 1 Apple 1 Airport Extreme 2026-04-23 N/A
The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.
CVE-2007-0021 1 Apple 1 Ichat 2026-04-23 N/A
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.
CVE-2007-0579 1 Horde 1 Groupware 2026-04-23 N/A
Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-4163 1 Index Script 1 Index Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 before 20070726 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id, (2) start_id, (3) row[parent_id], and (4) row[cat_id] parameters to unspecified components, related to use of these parameters within include/utils.php. NOTE: the show_cat.php cat_id vector is already covered by CVE-2007-4069.
CVE-2007-0015 1 Apple 1 Quicktime 2026-04-23 N/A
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
CVE-2007-0590 1 Forum Livre 1 Forum Livre 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter.
CVE-2007-4185 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages.