Export limit exceeded: 13154 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359881 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3239 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. | ||||
| CVE-2006-6381 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2026-04-23 | N/A |
| Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2008-0186 | 1 Phprisk | 1 Netrisk | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144. | ||||
| CVE-2006-6373 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. | ||||
| CVE-2006-6372 | 1 James Barnsley | 1 Jab Guest Book | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1842 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow. | ||||
| CVE-2007-3230 | 1 Simian Systems Inc | 1 Sitellite | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter. | ||||
| CVE-2006-6358 | 1 Stefan Frech | 1 Online-bookmarks | 2026-04-23 | N/A |
| SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1309 | 1 Novell | 1 Access Manager | 2026-04-23 | N/A |
| Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. | ||||
| CVE-2006-6333 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset. | ||||
| CVE-2006-6332 | 1 Madwifi | 1 Madwifi | 2026-04-23 | N/A |
| Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions. | ||||
| CVE-2006-6331 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php. | ||||
| CVE-2007-3218 | 1 Php Live | 1 Php Live | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter. | ||||
| CVE-2007-1291 | 1 Tyger | 1 Bug Tracking System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php. | ||||
| CVE-2007-1044 | 1 Pearson Education | 1 Powerschool | 2026-04-23 | N/A |
| Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2. | ||||
| CVE-2007-3172 | 1 Uebimiau | 1 Uebimiau | 2026-04-23 | N/A |
| Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. | ||||
| CVE-2006-5924 | 1 Efficientip | 1 Ipmanager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5926 | 1 Vallheru | 1 Vallheru | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3178 | 1 Zindizayn Okul Web Sistemi | 1 Zindizayn Okul Web Sistemi | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp. | ||||
| CVE-2007-3184 | 2 Apple, Cisco | 2 Mac Os X, Trust Agent | 2026-04-23 | N/A |
| Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. | ||||