Export limit exceeded: 366887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0807 | 1 Darrens 5-dollar Script Archive | 1 Flashchat | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature. | ||||
| CVE-2008-2554 | 1 Bp Blog | 1 Bp Blog | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp. | ||||
| CVE-2007-0810 | 1 Geeklog | 1 Geeklog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog. | ||||
| CVE-2007-0812 | 1 Woltlab | 1 Burning Board Lite | 2026-04-23 | N/A |
| SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter. | ||||
| CVE-2007-0813 | 1 Home Production | 1 Mysearchengine | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-3658 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-23 | N/A |
| Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | ||||
| CVE-2007-6031 | 1 Van Dyke Technologies | 1 Vshell | 2026-04-23 | N/A |
| Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | ||||
| CVE-2007-6399 | 1 Myupb | 1 Flat Php Board | 2026-04-23 | N/A |
| index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action. | ||||
| CVE-2007-6334 | 2 Ingres, Microsoft | 2 Ingres, Windows Nt | 2026-04-23 | N/A |
| Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. | ||||
| CVE-2007-6275 | 1 Bcoos | 1 Bcoos | 2026-04-23 | N/A |
| SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266. | ||||
| CVE-2006-5428 | 1 Cerberus | 1 Cerberus Helpdesk | 2026-04-23 | N/A |
| rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request. | ||||
| CVE-2007-0765 | 1 Db Masters Multimedia | 1 Curium Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter. | ||||
| CVE-2006-5427 | 1 Php Amx | 1 Php Amx | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in plugins/main.php in Php AMX 0.9.0, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plug_path parameter. | ||||
| CVE-2006-5426 | 1 Local Calendar System | 1 Local Calendar System | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter. | ||||
| CVE-2007-0763 | 1 F3site | 1 F3site | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field. | ||||
| CVE-2006-5425 | 1 Xorp | 1 Extensible Open Router Platform | 2026-04-23 | N/A |
| XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field. | ||||
| CVE-2007-0756 | 1 Chicken Of The Vnc | 1 Chicken Of The Vnc | 2026-04-23 | N/A |
| Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference. | ||||
| CVE-2006-5423 | 1 Lou Portail | 1 Lou Portail | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5422 | 1 Lodel | 1 Lodel Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter. | ||||
| CVE-2007-6021 | 1 Adobe | 1 Pagemaker | 2026-04-23 | N/A |
| Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure. | ||||