Export limit exceeded: 357824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6374 | 1 Codefixer | 1 Mailinglistpro | 2026-04-23 | N/A |
| CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb. | ||||
| CVE-2008-6376 | 1 Nexusjnr | 1 Jbook | 2026-04-23 | N/A |
| SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter). | ||||
| CVE-2008-6378 | 1 Mxmania | 1 Calendar Mx Professional | 2026-04-23 | N/A |
| SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2008-6381 | 1 Bcoos | 1 Bcoos | 2026-04-23 | N/A |
| SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2008-6385 | 1 W3matter | 1 Revsense | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | ||||
| CVE-2008-6386 | 1 1scripts | 1 Z1exchange | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2008-6387 | 1 Activewebsoftwares | 1 Quick Tree View .net | 2026-04-23 | N/A |
| Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb. | ||||
| CVE-2008-6388 | 1 4u2ges | 1 Rapid Classified | 2026-04-23 | N/A |
| Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. | ||||
| CVE-2008-6389 | 1 Aliensoftcorp | 1 Rae Media Contact Management | 2026-04-23 | N/A |
| SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6392 | 1 1scripts | 1 Z1exchange | 2026-04-23 | N/A |
| SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-1368 | 1 Mozilo | 1 Mozilocms | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3. | ||||
| CVE-2009-2704 | 1 Sun | 1 J2ee | 2026-04-23 | N/A |
| CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte). | ||||
| CVE-2006-6811 | 2 Canonical, Kde | 2 Ubuntu Linux, Ksirc | 2026-04-23 | 6.5 Medium |
| KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow. | ||||
| CVE-2006-6812 | 1 Myphpcalendar | 1 Myphpcalendar | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php. | ||||
| CVE-2006-6821 | 1 Enthrallweb | 1 Enews | 2026-04-23 | N/A |
| myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | ||||
| CVE-2006-6822 | 1 Enthrallweb | 1 Eclassifieds | 2026-04-23 | N/A |
| myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | ||||
| CVE-2006-6823 | 1 Yrch | 1 Yrch | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2006-6824 | 1 Php Icalendar | 1 Php Icalendar | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: it was later reported that vectors b, c, and d also affect 2.24. | ||||
| CVE-2007-2953 | 2 Redhat, Vim Development Group | 2 Enterprise Linux, Vim | 2026-04-23 | N/A |
| Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. | ||||
| CVE-2007-4101 | 1 Global Centre | 1 Aplomb Poll | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php. | ||||