Search Results (363785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6767 1 Wordpress 1 Wordpress 2026-04-23 N/A
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.
CVE-2007-4547 1 X-diesel 1 Unreal Commander 2026-04-23 N/A
Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files. NOTE: this issue is only a vulnerability if Unreal is run with privileges, or if the extracted files are made accessible to other users.
CVE-2007-4550 1 Altools 1 Alpass 2026-04-23 N/A
Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.
CVE-2008-1641 1 Efestech 1 Video 2026-04-23 N/A
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.
CVE-2008-3394 1 Infomining 1 Bookmine 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters.
CVE-2008-1645 1 Guillaume Meister 1 Php Spammanager 2026-04-23 N/A
Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.
CVE-2008-6768 1 Shopsystem-forum 1 K\&s Shopsoftware 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.
CVE-2008-3103 2 Redhat, Sun 4 Network Satellite, Rhel Extras, Jdk and 1 more 2026-04-23 N/A
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
CVE-2007-4554 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.
CVE-2008-3399 1 Xrms 1 Xrms Crm 2026-04-23 N/A
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
CVE-2007-5323 1 Emc 1 Replistor 2026-04-23 N/A
The RepliStor Server Service in EMC Replistor 6.1.3 allows remote attackers to execute arbitrary code via a size value that causes RepliStor to create a smaller buffer than expected, which triggers a buffer overflow when that buffer is used in a recv function call.
CVE-2008-5288 1 Scripts4you 1 Faq Manager 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter.
CVE-2009-0510 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
CVE-2009-0511 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
CVE-2008-3400 1 Xrms 1 Xrms Crm 2026-04-23 N/A
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
CVE-2007-5362 3 Ag-solutions, Joomla, Mambo 3 Mosmedia Lite, Joomla, Mambo 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.
CVE-2007-5364 1 Viart 1 Shopping Cart 2026-04-23 N/A
Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php
CVE-2008-3401 1 Hscripts 1 Hiox Random Ad 2026-04-23 N/A
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2008-6777 1 Myphp 1 Myphp Forum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.
CVE-2007-5367 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.