Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6607 | 1 Ibm | 1 Tivoli Identity Manager | 2025-04-09 | N/A |
| The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. | ||||
| CVE-2007-4294 | 1 Cisco | 2 Ios, Unified Communications Manager | 2025-04-09 | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. | ||||
| CVE-2007-4847 | 1 Google | 1 Picasa | 2025-04-09 | N/A |
| Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | ||||
| CVE-2007-4888 | 1 Xwiki | 1 Xwiki | 2025-04-09 | N/A |
| The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable. | ||||
| CVE-2007-4889 | 1 Php | 2 Mysql Extension, Php | 2025-04-09 | N/A |
| The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. | ||||
| CVE-2007-2473 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | N/A |
| SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | ||||
| CVE-2007-4944 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript. | ||||
| CVE-2006-5518 | 1 Christopher Fowler | 1 Rssonate | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/. | ||||
| CVE-2007-2661 | 1 Drumster | 1 Blogme | 2025-04-09 | N/A |
| SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976. | ||||
| CVE-2007-4963 | 1 Winimage | 1 Winimage | 2025-04-09 | N/A |
| Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a careful user into overwriting arbitrary files. | ||||
| CVE-2006-6569 | 1 Genesistrader | 1 Genesistrader | 2025-04-09 | N/A |
| form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter. | ||||
| CVE-2007-2499 | 1 Globalmegacorp | 1 Dvddb | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php. | ||||
| CVE-2007-5079 | 1 Redhat | 2 Enterprise Linux, Linux | 2025-04-09 | N/A |
| Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2006-6574 | 1 Mantis | 1 Mantis | 2025-04-09 | N/A |
| Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. | ||||
| CVE-2006-6577 | 1 Neocrome | 2 Land Down Under, Seditio | 2025-04-09 | N/A |
| SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2651 | 1 Voodoo Circle | 1 Voodoo Circle | 2025-04-09 | N/A |
| Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets. | ||||
| CVE-2007-5793 | 1 Stonesoft | 1 Stonegate Ips | 2025-04-09 | N/A |
| Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection. | ||||
| CVE-2007-5804 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument. | ||||
| CVE-2007-5860 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation." | ||||
| CVE-2007-5889 | 1 Idmos | 1 Idmos | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php, (2) menu_add.php, and (3) menu_operation.php in administrator/, different vectors than CVE-2007-5294. | ||||