Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5959 1 Web Inhabit 1 A\+ Store E-commerce 2026-04-23 N/A
SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter.
CVE-2006-6031 1 Gcis 1 Aspcart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp.
CVE-2007-0622 1 Mybb 1 Mybb 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1977 1 Holacms 1 Holacms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.
CVE-2006-5463 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
CVE-2007-1416 1 Jccorp 1 Urlshrink 2026-04-23 N/A
PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.
CVE-2007-3109 1 Microsoft 2 Frontpage, Office 2026-04-23 N/A
The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
CVE-2007-3140 1 Wordpress 1 Wordpress 2026-04-23 N/A
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
CVE-2007-3141 1 Phpwebthings 1 Phpwebthings 2026-04-23 N/A
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042.
CVE-2007-3111 2 Microsoft, Provideo 3 Internet Explorer, Windows 2000, Camimage Activex Control 2026-04-23 N/A
Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
CVE-2007-3168 1 Edraw 1 Office Viewer Component 2026-04-23 N/A
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
CVE-2006-6169 2 Gnupg, Redhat 2 Gnupg, Enterprise Linux 2026-04-23 N/A
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.
CVE-2007-2535 1 Winace 1 Winace 2026-04-23 N/A
WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
CVE-2007-2541 1 Versado Cms 1 Versado Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter.
CVE-2007-3170 1 Uebimiau 1 Uebimiau 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php.
CVE-2006-6166 1 Ryan Demmer 1 Joomla Content Editor 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.
CVE-2007-0676 1 Exo 1 Exophpdesk 2026-04-23 N/A
SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3181 2 Bakbone, Firebirdsql 2 Netvault, Firebird 2026-04-23 N/A
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
CVE-2007-0684 1 Cerulean Portal System 1 Cerulean Portal System 2026-04-23 N/A
PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-2544 1 Php Toptree Bbs 1 Php Toptree Bbs 2026-04-23 N/A
PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter.