Export limit exceeded: 346191 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346191 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4132 | 1 Redhat | 2 Network Satelite Server, Network Satellite | 2026-04-23 | N/A |
| Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler." | ||||
| CVE-2008-6296 | 1 Maran | 1 Php Shop | 2026-04-23 | N/A |
| admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo." | ||||
| CVE-2008-6297 | 1 Dhcart | 1 Dhcart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters. | ||||
| CVE-2008-6301 | 2 Phpbb, Prezmo | 2 Phpbb, Small Shoutbox | 2026-04-23 | N/A |
| SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | ||||
| CVE-2008-6303 | 1 Toursmanager | 1 Tours Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in tourview.php in ToursManager allows remote attackers to execute arbitrary SQL commands via the tourid parameter. | ||||
| CVE-2008-6305 | 1 Freedirectoryscript | 1 Free Directory Script | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter. | ||||
| CVE-2009-0114 | 2 Adobe, Microsoft | 5 Air, Flash Player, Flash Player For Linux and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." | ||||
| CVE-2009-0521 | 3 Adobe, Linux, Redhat | 3 Flash Player For Linux, Linux Kernel, Rhel Extras | 2026-04-23 | N/A |
| Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH. | ||||
| CVE-2006-4927 | 1 Symantec | 2 Naveng Driver, Navex15 Driver | 2026-04-23 | N/A |
| The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB. | ||||
| CVE-2006-6380 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2006-6381 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2026-04-23 | N/A |
| Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2007-0676 | 1 Exo | 1 Exophpdesk | 2026-04-23 | N/A |
| SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0687 | 1 Michelle | 1 L2j Dropcalc | 2026-04-23 | N/A |
| SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter. | ||||
| CVE-2007-0688 | 1 Hunkaray Duyuru | 1 Scripti | 2026-04-23 | N/A |
| SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-1679 | 1 Horde | 1 Groupware | 2026-04-23 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages | ||||
| CVE-2007-3901 | 1 Microsoft | 5 Directx, Windows 2000, Windows 2003 Server and 2 more | 2026-04-23 | N/A |
| Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file. | ||||
| CVE-2007-4608 | 1 Winterburns.co.uk | 1 Epersonnel | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter. | ||||
| CVE-2007-4609 | 1 Eyeos Project | 1 Eyeos | 2026-04-23 | N/A |
| eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values. | ||||
| CVE-2007-4617 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors. | ||||
| CVE-2007-4624 | 1 Abledesign | 1 Dynamic Picture Frame | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some of these details are obtained from third party information. | ||||