Export limit exceeded: 359378 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359378 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359378 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4398 | 1 Irssi | 1 Irssi | 2026-04-23 | N/A |
| Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | ||||
| CVE-2007-1696 | 1 Active Web Softwares | 1 Active Newsletter | 2026-04-23 | N/A |
| SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter. | ||||
| CVE-2007-1749 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. | ||||
| CVE-2006-7194 | 1 Republique Francaise | 1 Agora | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter. | ||||
| CVE-2007-1907 | 1 Pathos | 1 Content Management System | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2006-5436 | 1 Freefaq | 1 Freefaq | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter. | ||||
| CVE-2006-5438 | 1 Comdev | 1 Comdev Forum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in adminfoot.php in Comdev Forum 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-1853 | 1 Hitachi | 5 Jp1-hicommand Device Manager, Jp1-hicommand Global Link Availability Manager, Jp1-hicommand Replication Monitor and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors. | ||||
| CVE-2007-0470 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors. | ||||
| CVE-2007-1858 | 2 Apache, Redhat | 3 Tomcat, Network Satellite, Rhel Application Server | 2026-04-23 | N/A |
| The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. | ||||
| CVE-2007-3434 | 1 Netart Media | 1 Pharmacy System | 2026-04-23 | N/A |
| index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message. | ||||
| CVE-2007-3437 | 2 Aol, Microsoft | 2 Instant Messenger, Windows Xp | 2026-04-23 | N/A |
| AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350. | ||||
| CVE-2007-3445 | 3 Microsoft, Securecomputing, Sj Labs | 3 Windows Mobile, Sch I730 Phone, Sjphone | 2026-04-23 | N/A |
| Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351. | ||||
| CVE-2006-5491 | 1 Ceary | 1 Ultracms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | ||||
| CVE-2007-1908 | 1 Php121 | 1 Php121 Instant Messenger | 2026-04-23 | N/A |
| PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function. | ||||
| CVE-2009-4323 | 1 Zen-cart | 1 Zen Cart | 2026-04-23 | N/A |
| The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322. | ||||
| CVE-2007-1912 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. | ||||
| CVE-2007-1964 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2026-04-23 | N/A |
| member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output. | ||||
| CVE-2007-1967 | 1 Stat12 | 1 Stat12 | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This is probably an invalid report based on analysis by CVE and a third party | ||||
| CVE-2007-1968 | 1 Sam Crew | 1 Myblog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter. | ||||