Export limit exceeded: 362450 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0119 1 Edittag 1 Edittag 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
CVE-2007-2076 1 Maian 1 Gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0."
CVE-2006-5074 1 Php Invoice 1 Php Invoice 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter.
CVE-2006-5278 1 Cisco 2 Unified Callmanager, Unified Communications Manager 2026-04-23 N/A
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
CVE-2007-2077 1 Maian 1 Search 2026-04-23 N/A
PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem."
CVE-2007-1525 1 Dayfox Designs 1 Dayfox Blog 2026-04-23 N/A
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.
CVE-2007-0799 1 Uapplication 1 Ublog 2026-04-23 N/A
SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-1839 1 Codebb 1 Codebb 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) pass_code.php or (2) lang_select.
CVE-2007-4385 1 Owasp 1 Stinger 2026-04-23 N/A
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines.
CVE-2006-7169 1 Ultimate Php Board 1 Ultimate Php Board 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter.
CVE-2006-5285 1 Xeoport 1 Xeoport 2026-04-23 N/A
SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter.
CVE-2006-5367 1 Oracle 1 E-business Suite 2026-04-23 N/A
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology Stack, and (3) APPS05 in Oracle Balanced Scorecard, (4) APPS09 in Oracle Scripting, and (5) APPS10 in Oracle Trading Community.
CVE-2006-4510 1 Novell 1 Edirectory 2026-04-23 N/A
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.
CVE-2006-5844 1 Speedywiki 1 Speedywiki 2026-04-23 N/A
Speedywiki 2.0 allows remote attackers to obtain the full path of the web server via the (1) showRevisions[] and (2) searchText[] parameters in (a) index.php, and (b) a direct request to upload.php without any parameters.
CVE-2006-6788 1 Luckybot 1 Luckybot 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php.
CVE-2007-0288 1 Oracle 1 Application Server 2026-04-23 N/A
Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.
CVE-2007-6680 1 Ibm 1 Aix 2026-04-23 N/A
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.
CVE-2007-0120 1 Acunetix 1 Web Vulnerability Scanner 2026-04-23 N/A
Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.
CVE-2007-0202 1 Alexphpteam 1 Alex Guestbook 2026-04-23 N/A
SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.
CVE-2006-5286 1 Novell 1 Bordermanager 2026-04-23 N/A
Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to "VPN issues" for certain "IKE and IPsec settings."