Search Results (367121 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4130 1 Mozilla 1 Firefox 2026-04-23 N/A
Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.
CVE-2006-5237 1 Blue Smiley Organizer 1 Blue Smiley Organizer 2026-04-23 N/A
SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-5240 1 Docmint 1 Docmint Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.
CVE-2007-3824 1 Mehmet Zati Karahan 1 Mzk Blog 2026-04-23 N/A
SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter.
CVE-2007-3825 2 Broadcom, Ca 8 Alert Notification Server, Brightstor Arcserve Backup, Brightstor Enterprise Backup and 5 more 2026-04-23 N/A
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.
CVE-2007-0350 1 Sme 1 Filemailer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346.
CVE-2007-3826 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-23 N/A
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.
CVE-2006-5251 1 Deep Cms 1 Deep Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-3829 2 Interactual Technologies, Roxio 2 Interactual Player, Cineplayer 2026-04-23 N/A
Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5445 1 Db Software Laboratory 1 Vimpx 2026-04-23 N/A
Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX control in VImpX.ocx 4.7.3.0 allows remote attackers to execute arbitrary code via a long RejectedRecordsFile parameter, a different vector than CVE-2007-2667.
CVE-2007-3830 1 Ibm 2 Proventia Network Ips Gx5008, Proventia Network Ips Gx5108 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter.
CVE-2007-3835 1 Exlibris Group 1 Metalib 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.
CVE-2009-4157 2 Joomla, Joomlatune 2 Joomla\!, Com Proofreader 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
CVE-2006-5261 1 Phpmynews 1 Phpmynews 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cfg_include_dir parameter in (1) disp_form.php3, (2) disp_smileys.php3, (3) little_news.php3, and (4) index.php3 in include/.
CVE-2006-5262 1 Hastymail 1 Hastymail 2026-04-23 N/A
CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session.
CVE-2006-5263 1 Phpmyagenda 1 Phpmyagenda 2026-04-23 N/A
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
CVE-2006-5264 1 Mysqldumper 1 Mysqldumper 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter.
CVE-2006-5268 1 Trend Micro 1 Serverprotect 2026-04-23 N/A
Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."
CVE-2006-5271 1 Mcafee 2 E-business Server, Protectionpilot 2026-04-23 N/A
Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption.
CVE-2006-5274 1 Mcafee 3 Common Management Agent, Epolicy Orchestrator, Protectionpilot 2026-04-23 N/A
Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.