Export limit exceeded: 346144 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346144 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346144 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5450 | 1 Kinesis | 1 Kinesis Interactive Cinema System | 2026-04-23 | N/A |
| SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters. | ||||
| CVE-2006-5452 | 1 Hp | 2 Hp-ux, Tru64 | 2026-04-23 | N/A |
| Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument. | ||||
| CVE-2006-5453 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi. | ||||
| CVE-2007-0423 | 1 Oracle | 1 Weblogic Portal | 2026-04-23 | N/A |
| BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact. | ||||
| CVE-2006-5454 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi. | ||||
| CVE-2006-5455 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. | ||||
| CVE-2006-5456 | 3 Graphicsmagick, Imagemagick, Redhat | 3 Graphicsmagick, Imagemagick, Enterprise Linux | 2026-04-23 | N/A |
| Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. | ||||
| CVE-2006-5457 | 1 Casinosoft | 1 Casino Script | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field. | ||||
| CVE-2006-5458 | 1 Hinton Design | 1 Phpht Topsites | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter. | ||||
| CVE-2007-0166 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack. | ||||
| CVE-2007-0424 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption. | ||||
| CVE-2006-5459 | 1 Alex | 1 Downloadengine | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291. NOTE: CVE analysis as of 20061021 is inconclusive, but suggests that some or all of the suggested attack vectors are ineffective. | ||||
| CVE-2007-0167 | 2 Ppc Search Engine, Wgs-ppc | 2 Ppc Search Engine, Wgs-ppc | 2026-04-23 | N/A |
| Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/. | ||||
| CVE-2007-0425 | 1 Bea | 2 Jrockit, Weblogic Server | 2026-04-23 | N/A |
| Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow. | ||||
| CVE-2007-0465 | 1 Apple | 2 Installer, Mac Os X | 2026-04-23 | N/A |
| Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. | ||||
| CVE-2006-5460 | 1 Hinton Design | 1 Phpht Topsites | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/ directory. NOTE: CVE disputes this vulnerability because $phpht_real_path is defined before use in index.php and most other files except common.php, which is already covered by CVE-2006-5458 | ||||
| CVE-2006-5461 | 1 Avahi | 1 Avahi | 2026-04-23 | N/A |
| Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi. | ||||
| CVE-2006-5462 | 2 Mozilla, Redhat | 5 Firefox, Network Security Services, Seamonkey and 2 more | 2026-04-23 | N/A |
| Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340. | ||||
| CVE-2006-5463 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing. | ||||
| CVE-2006-5464 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors. | ||||