Export limit exceeded: 20090 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365294 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6803 1 Enthrallweb 1 Ecars 2026-04-23 N/A
SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.
CVE-2006-6801 1 Sh-news 1 Sh-news 2026-04-23 N/A
PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter.
CVE-2006-6800 1 Limbo Cms 1 Event Module 2026-04-23 N/A
PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
CVE-2006-6797 1 Microsoft 1 Windows Xp 2026-04-23 N/A
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
CVE-2006-6796 1 Mtcms 1 Mtcms 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
CVE-2008-2399 2 Fireftp, Mozilla 2 Fireftp, Firefox 2026-04-23 N/A
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2009-3663 1 Jasper 1 Httpdx 2026-04-23 N/A
Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
CVE-2008-2412 1 Acgv.free 1 Acgv News 2026-04-23 N/A
SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2414 1 Aguestbook 1 An Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
CVE-2008-2417 1 How2asp 1 Webboard 2026-04-23 N/A
SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter.
CVE-2008-6442 1 Sina 1 Dloader 2026-04-23 N/A
Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6443 1 Phpkf 1 Phpkf 2026-04-23 N/A
SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter.
CVE-2007-0689 1 Mybb 1 Mybb 2026-04-23 N/A
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.
CVE-2008-6768 1 Shopsystem-forum 1 K\&s Shopsoftware 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.
CVE-2009-4226 1 Sun 1 Opensolaris 2026-04-23 N/A
Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function.
CVE-2007-0771 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c.
CVE-2008-6769 1 Peterselie 1 Yourplace 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
CVE-2008-6770 1 Peterselie 1 Yourplace 2026-04-23 N/A
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct request for users.txt.
CVE-2008-6771 1 Peterselie 1 Yourplace 2026-04-23 N/A
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function.
CVE-2008-6772 1 Peterselie 1 Yourplace 2026-04-23 N/A
login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user.