Export limit exceeded: 366935 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4085 1 Alstrasoft 1 Askme Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
CVE-2007-4083 1 Alstrasoft 1 Askme Pro 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or the (2) typ parameter to register.php.
CVE-2007-0111 1 Resco 1 Photo Viewer 2026-04-23 N/A
Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image.
CVE-2007-1972 1 Bmc 1 Performance Manager 2026-04-23 N/A
PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured
CVE-2007-0594 1 Siteman 1 Siteman 2026-04-23 N/A
Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.
CVE-2008-1546 1 Mitsubishi Electric 1 Gb 2026-04-23 N/A
servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command.
CVE-2007-0120 1 Acunetix 1 Web Vulnerability Scanner 2026-04-23 N/A
Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.
CVE-2006-5722 1 Middlebury College 1 Segue Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0121 1 Michael Romedahl 1 Ri Blog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-5184 1 Pkr Internet 1 Taskjitsu 2026-04-23 N/A
SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid.
CVE-2007-0123 1 Uber Uploader 1 Uber Uploader 2026-04-23 N/A
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.
CVE-2007-3622 1 Alt-n 1 Mdaemon 2026-04-23 N/A
Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.
CVE-2007-0595 1 Designmind 1 High5 Review Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).
CVE-2006-5136 1 Ubbcentral 1 Ubb.threads 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter.
CVE-2007-0596 1 Aztek Forum 1 Aztek Forum 2026-04-23 N/A
PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter.
CVE-2007-0129 1 Locazo 1 Locazolist Classifieds 2026-04-23 N/A
SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.
CVE-2007-0135 1 Aratix 1 Aratix 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.
CVE-2007-3598 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo.
CVE-2008-1736 1 Comodo 1 Comodo Personal Firewall 2026-04-23 N/A
Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709.
CVE-2007-3592 1 Elite Bulletin Board 1 Elite Bulletin Board 2026-04-23 N/A
PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields.