Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5233 | 1 Polycom | 1 Soundpoint Ip 301 | 2026-04-23 | N/A |
| Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | ||||
| CVE-2006-5183 | 1 Dayfox Designs | 1 Dayfox Blog | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit. | ||||
| CVE-2007-0749 | 1 Apple | 2 Darwin Streaming Server, Mac Os X Server | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. | ||||
| CVE-2006-5186 | 1 Phpmyprofiler | 1 Phpmyprofiler | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in functions.php in phpMyProfiler 0.9.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter. | ||||
| CVE-2007-0747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. | ||||
| CVE-2008-3837 | 4 Canonical, Debian, Mozilla and 1 more | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. | ||||
| CVE-2006-5761 | 1 Rhadrix | 1 If-cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter. | ||||
| CVE-2006-5421 | 1 Wsn Forum | 1 Wsn Forum | 2026-04-23 | N/A |
| WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability. | ||||
| CVE-2006-3890 | 2 Sky Software, Winzip | 2 Fileview Activex Control, Winzip | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. | ||||
| CVE-2006-5187 | 1 Bulletin Board Ace | 1 Bulletin Board Ace | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-6117 | 1 Fipsasp | 1 Fipsgallery | 2026-04-23 | N/A |
| SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter. | ||||
| CVE-2006-5667 | 1 P-book | 1 P-book | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.php. | ||||
| CVE-2006-5422 | 1 Lodel | 1 Lodel Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter. | ||||
| CVE-2009-2872 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel, aka Bug IDs CSCsh97579 and CSCsq31776. | ||||
| CVE-2009-2874 | 1 Cisco | 1 Unified Presence Server | 2026-04-23 | N/A |
| The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662. | ||||
| CVE-2008-3820 | 1 Cisco | 1 Security Manager | 2026-04-23 | N/A |
| Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports. | ||||
| CVE-2007-0744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables. | ||||
| CVE-2008-3792 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2026-04-23 | N/A |
| net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks. | ||||
| CVE-2008-3746 | 1 Webdav | 1 Neon | 2026-04-23 | N/A |
| neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. | ||||
| CVE-2006-5669 | 1 Gepi | 1 Gepi | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. | ||||