Export limit exceeded: 363078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363078 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6580 | 1 Funscripts | 1 Red Reservations | 2026-04-23 | N/A |
| The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. | ||||
| CVE-2008-0268 | 1 Eticket | 1 Eticket | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2008-0269 | 1 Sun | 1 Sunos | 2026-04-23 | N/A |
| Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors. | ||||
| CVE-2008-0270 | 1 Taskfreak | 1 Taskfreak | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter. | ||||
| CVE-2008-6581 | 1 Phpaddedit | 1 Phpaddedit | 2026-04-23 | N/A |
| login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. | ||||
| CVE-2008-0274 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. | ||||
| CVE-2007-6701 | 2 Microsoft, Novell | 2 Windows, Client | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954. | ||||
| CVE-2007-6700 | 1 Openbsd | 1 Openbsd | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. | ||||
| CVE-2007-6699 | 1 Aol | 1 Ygp Piceditor Activex Control | 2026-04-23 | N/A |
| Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values. | ||||
| CVE-2007-6697 | 1 Sdl | 1 Sdl Image | 2026-04-23 | N/A |
| Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6695 | 1 Drake Team | 1 Drake Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter. | ||||
| CVE-2007-6692 | 1 Menalto | 1 Gallery | 2026-04-23 | N/A |
| Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. | ||||
| CVE-2007-6683 | 1 Videolan | 1 Vlc | 2026-04-23 | N/A |
| The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. | ||||
| CVE-2007-6682 | 1 Videolan | 1 Vlc | 2026-04-23 | N/A |
| Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | ||||
| CVE-2007-6681 | 1 Videolan | 1 Vlc | 2026-04-23 | N/A |
| Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. | ||||
| CVE-2007-6679 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected. | ||||
| CVE-2007-6677 | 1 Peters Software | 1 Random Anti-spam Image | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form. | ||||
| CVE-2007-6675 | 1 Xoops | 1 Xoops | 2026-04-23 | N/A |
| The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules. | ||||
| CVE-2007-6670 | 1 Phpcredo | 1 Phcdownload | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter. | ||||
| CVE-2006-5318 | 1 Nayco | 1 Jasmine | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter. | ||||