Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2298 | 1 Gforge | 1 Garennes | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/. | ||||
| CVE-2007-2301 | 1 Arash | 1 Audiocms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/. | ||||
| CVE-2006-6283 | 1 Vikingboard | 1 Vikingboard | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bulletin board post. | ||||
| CVE-2007-2310 | 1 Bloofoxcms | 1 Bloofoxcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. | ||||
| CVE-2007-2327 | 1 Labs4 | 1 Htmleditbox | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter. | ||||
| CVE-2007-2317 | 2 Minibb, Tosmo Mambo | 2 Minibb, Tosmo Mambo | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690. | ||||
| CVE-2006-6302 | 1 Fail2ban | 1 Fail2ban | 2026-04-23 | N/A |
| fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address. | ||||
| CVE-2007-0590 | 1 Forum Livre | 1 Forum Livre | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter. | ||||
| CVE-2007-0496 | 1 Neon Labs | 1 Neon Labs Website | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter. | ||||
| CVE-2007-0592 | 1 Indexcor | 1 Ezdatabase | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database. | ||||
| CVE-2006-6233 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-23 | N/A |
| SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue. | ||||
| CVE-2006-6392 | 1 Plx Web Studio | 1 Plx Pay | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credentials and other sensitive information, via a .. (dot dot) in the read parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5281 | 1 Navyism | 1 N At Board | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter. | ||||
| CVE-2006-5282 | 1 Sh-news | 1 Sh-news | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php. | ||||
| CVE-2007-0606 | 1 W-agora | 1 W-agora | 2026-04-23 | N/A |
| w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. | ||||
| CVE-2006-5283 | 1 Minichat | 1 Minichat | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter. | ||||
| CVE-2006-6393 | 1 Jonas Gauffin | 1 Publicera | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function. | ||||
| CVE-2006-5284 | 1 Php News Reader | 1 Php News Reader | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter. | ||||
| CVE-2006-6394 | 1 Jonas Gauffin | 1 Publicera | 2026-04-23 | N/A |
| SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-5293 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcing Noah's Classifieds 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the frommethod parameter. | ||||