Search Results (363449 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5415 1 News Defilante Horizontale 1 News Defilante Horizontale 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5480 1 Castor 1 Php Web Builder 2026-04-23 N/A
PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.
CVE-2007-3792 1 Azerbaijan Development Group 1 Azdgdating 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/.
CVE-2008-2594 1 Oracle 1 Oracle Application Server 2026-04-23 N/A
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593.
CVE-2008-0945 1 Ipswitch 2 Imserver, Instant Messaging 2026-04-23 N/A
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.
CVE-2007-4733 1 Aztech 1 Dsl 600eu Router 2026-04-23 N/A
The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
CVE-2008-3352 1 Nersoft 1 Live Music Plus 2026-04-23 N/A
SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.
CVE-2008-2282 1 Thomas Voecking 1 Internet Photoshow 2026-04-23 N/A
admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true.
CVE-2008-2296 1 Rgboard 1 Rgboard 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
CVE-2009-0827 1 Freedville 1 Pollhelper 2026-04-23 N/A
PollHelper stores poll.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request.
CVE-2009-0828 1 Freedville 1 Quotebook 2026-04-23 N/A
QuoteBook stores quotes.inc under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information, including user credentials, via a direct request.
CVE-2008-4050 1 Friendly Technologies 1 Friendly Pppoe Client 2026-04-23 N/A
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method.
CVE-2009-0829 1 Andrew Freed 1 Quotebook 2026-04-23 N/A
Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0831 1 Php-fusion 2 Members Cv Module, Php-fusion 2026-04-23 N/A
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
CVE-2007-2231 2 Dovecot, Redhat 2 Dovecot, Enterprise Linux 2026-04-23 N/A
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
CVE-2007-2259 1 Esforum 1 Esforum 2026-04-23 N/A
SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter.
CVE-2008-2610 1 Oracle 2 E-business Suite, Oracle Applications Technology Stack Component 2026-04-23 N/A
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors.
CVE-2007-2265 1 Phpee 1 Ya Book 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php.
CVE-2009-3891 1 Wordpress 1 Wordpress 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).
CVE-2007-2269 1 Swsoft 1 Plesk 2026-04-23 N/A
Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter.