Export limit exceeded: 29935 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29935 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3613 | 1 Sap | 1 Internet Graphics Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. | ||||
| CVE-2007-4255 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. | ||||
| CVE-2006-5131 | 1 Salims Softhouse | 1 Jaf Cms | 2026-04-23 | N/A |
| module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php. | ||||
| CVE-2006-5030 | 1 Exv2 | 1 Content Management System | 2026-04-23 | N/A |
| SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | ||||
| CVE-2006-5132 | 1 Phpmyagenda | 1 Phpmyagenda | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009. | ||||
| CVE-2006-5459 | 1 Alex | 1 Downloadengine | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291. NOTE: CVE analysis as of 20061021 is inconclusive, but suggests that some or all of the suggested attack vectors are ineffective. | ||||
| CVE-2006-4410 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. | ||||
| CVE-2007-0958 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073. | ||||
| CVE-2006-4411 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2007-2347 | 2 Oneclick Cms, Sisplet Cms | 2 Oneclick Cms, Sisplet Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. | ||||
| CVE-2007-0848 | 1 Maian Recipe | 1 Maian Recipe | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | ||||
| CVE-2007-2998 | 1 Hp | 1 Openvms | 2026-04-23 | N/A |
| The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. | ||||
| CVE-2007-0987 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter. | ||||
| CVE-2006-5475 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | ||||
| CVE-2007-0536 | 1 Rpath | 1 Rpath Linux | 2026-04-23 | N/A |
| The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | ||||
| CVE-2007-0490 | 1 Open-realty | 1 Open-realty | 2026-04-23 | N/A |
| index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action. | ||||
| CVE-2007-0723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors. | ||||
| CVE-2007-0465 | 1 Apple | 2 Installer, Mac Os X | 2026-04-23 | N/A |
| Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. | ||||
| CVE-2007-3259 | 1 Vincent Hor | 1 Calendarix | 2026-04-23 | N/A |
| Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages. | ||||
| CVE-2007-0841 | 1 Vbdrupal | 1 Vbdrupal | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers. | ||||