Export limit exceeded: 363021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6388 1 Link 1 Content Management Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LINK Content Management Server (CMS) allows remote attackers to inject arbitrary web script or HTML via the txtPretraga parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7000 1 Headstart Solutions 1 Deskpro 2026-04-23 N/A
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.
CVE-2007-1418 1 Mindtouch 1 Dekiwiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2007-2414 2 Microsoft, Myserver 2 All Windows, Myserver 2026-04-23 N/A
MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2007-2416 1 E-annu 1 E-annu 2026-04-23 N/A
SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter.
CVE-2007-2293 1 Asterisk 1 Asterisk 2026-04-23 N/A
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
CVE-2007-2425 1 Blackdot 1 Imageview 2026-04-23 N/A
Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter.
CVE-2007-1539 1 Pragmamx 1 Landkarten 2026-04-23 N/A
Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
CVE-2006-6392 1 Plx Web Studio 1 Plx Pay 2026-04-23 N/A
Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credentials and other sensitive information, via a .. (dot dot) in the read parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2419 1 Macrovision 2 Flexnet Connect, Update Service 2026-04-23 N/A
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
CVE-2007-2432 1 Nukedit 1 Nukedit 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7023 1 Fx-app 1 Fx-app 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.
CVE-2007-2739 1 Xajax 1 Xajax 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-6393 1 Jonas Gauffin 1 Publicera 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function.
CVE-2006-7029 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637.
CVE-2006-6394 1 Jonas Gauffin 1 Publicera 2026-04-23 N/A
SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-2468 1 Hp 1 Openvms 2026-04-23 N/A
Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions."
CVE-2006-6395 1 Ulrik Petersen 2 Emdros Database Engine, Emrdos Database Engine 2026-04-23 N/A
Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415.
CVE-2007-3247 1 Virtuemart 1 Virtuemart 2026-04-23 N/A
SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php.
CVE-2007-2474 1 Turnkey Web Tools 1 Sunshop Shopping Cart 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070.