Export limit exceeded: 361939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6378 | 1 Widcomm | 1 Btsavemysql | 2026-04-23 | N/A |
| BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests. | ||||
| CVE-2007-0154 | 1 Webulas | 1 Webulas | 2026-04-23 | N/A |
| Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb. | ||||
| CVE-2008-4699 | 1 Microsoft | 1 Peachtree Accounting | 2026-04-23 | N/A |
| Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method. | ||||
| CVE-2007-2569 | 1 Practical Creative And Code | 1 Friendly | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. | ||||
| CVE-2006-6515 | 1 Mantis | 1 Mantis | 2026-04-23 | N/A |
| Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. | ||||
| CVE-2006-6520 | 1 Scriptphp | 1 Messageriescripthp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php. | ||||
| CVE-2007-2612 | 1 Wikkawiki | 1 Wikkawiki | 2026-04-23 | N/A |
| SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation." | ||||
| CVE-2007-2619 | 1 Symantec | 1 Pcanywhere | 2026-04-23 | N/A |
| Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785. | ||||
| CVE-2007-2656 | 1 Hp | 1 Hpqvwocx.dll | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method. | ||||
| CVE-2007-2752 | 1 Runawaysoft | 1 Haber Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2772 | 1 Ca | 1 Brightstor Arcserve Backup | 2026-04-23 | N/A |
| (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. | ||||
| CVE-2007-2776 | 1 Alstrasoft | 1 Template Seller | 2026-04-23 | N/A |
| AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | ||||
| CVE-2007-1586 | 1 Zyxel | 1 Zynos | 2026-04-23 | N/A |
| ZynOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol. | ||||
| CVE-2007-0869 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3840 | 1 Hp | 1 Openview Network Node Manager | 2026-04-23 | N/A |
| The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet. | ||||
| CVE-2006-5407 | 1 Osticket | 1 Osticket | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. | ||||
| CVE-2006-6922 | 1 Deadlock User Management System | 1 Deadlock User Management System | 2026-04-23 | N/A |
| SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-1591 | 1 Trend Micro | 1 Trend Micro Antivirus | 2026-04-23 | N/A |
| VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error. | ||||
| CVE-2007-1818 | 1 Forum Picture And Meta Tags | 1 Forum Picture And Meta Tags | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-6867 | 1 Vladimir Meshakov | 1 Bubla | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809. | ||||