Export limit exceeded: 363682 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4505 | 2 Mambo, Mamboserver | 2 Remository, Mambo | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | ||||
| CVE-2007-2621 | 1 Extrovert Software | 1 Thyme Calndar | 2026-04-23 | N/A |
| SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter. | ||||
| CVE-2007-2930 | 1 Isc | 1 Bind | 2026-04-23 | N/A |
| The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926. | ||||
| CVE-2007-2625 | 1 Aiocp | 1 Aiocp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0623 | 1 Maxdev | 1 Mdpro | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. | ||||
| CVE-2007-1198 | 1 Taskfreak | 1 Taskfreak | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982. | ||||
| CVE-2007-4376 | 1 Szymon Kosok | 1 Best Top List | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/. | ||||
| CVE-2007-1506 | 1 Oracle | 1 Application Server Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. | ||||
| CVE-2007-2351 | 1 Hp | 2 Hp-ux, Power Manager Remote Agent | 2026-04-23 | N/A |
| Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-6295 | 1 Mxbb | 1 Mx Tinies | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2009-4323 | 1 Zen-cart | 1 Zen Cart | 2026-04-23 | N/A |
| The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322. | ||||
| CVE-2007-4091 | 1 Rsync | 1 Rsync | 2026-04-23 | N/A |
| Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. | ||||
| CVE-2007-2026 | 2 Amavis, Gentoo | 2 Virus Scanner, File | 2026-04-23 | N/A |
| The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. | ||||
| CVE-2007-4246 | 1 Justsystem | 1 Ichitaro | 2026-04-23 | N/A |
| Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938. | ||||
| CVE-2009-3295 | 1 Mit | 1 Kerberos 5 | 2026-04-23 | N/A |
| The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request. | ||||
| CVE-2008-7105 | 1 Sophos | 1 Puremessage For Microsoft Exchange | 2026-04-23 | N/A |
| Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104. | ||||
| CVE-2006-4686 | 1 Microsoft | 2 Xml Core Services, Xml Parser | 2026-04-23 | N/A |
| Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page. | ||||
| CVE-2006-6240 | 1 Telnet Ftp Server | 1 Telnet Ftp Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. (dot dot) sequence in an FTP command argument, as demonstrated by RETR (GET) or STOR (PUT). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7106 | 1 Sophos | 1 Puremessage For Microsoft Exchange | 2026-04-23 | N/A |
| The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay). | ||||
| CVE-2006-6104 | 1 Mono | 1 Xsp | 2026-04-23 | N/A |
| The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20. | ||||