Export limit exceeded: 363304 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363304 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0709 1 Comodo 1 Comodo Firewall Pro 2026-04-23 N/A
cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.
CVE-2009-4477 1 Xstate 1 Real Estate 2026-04-23 N/A
SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2009-3971 2 Joomla, Jtips 2 Joomla\!, Com Jtips 2026-04-23 N/A
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
CVE-2007-0670 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
CVE-2007-0650 1 Makeindex 1 Makeindex 2026-04-23 N/A
Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.
CVE-2007-0639 1 Guppy 1 Guppy 2026-04-23 N/A
Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0].
CVE-2008-3788 1 Picturespro 1 Picturespro Photo Cart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.
CVE-2007-0620 1 Vlad Leont 1 Fd Script 2026-04-23 N/A
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
CVE-2007-0614 1 Apple 3 Ichat, Instant Message Framework, Mac Os X 2026-04-23 N/A
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
CVE-2007-0602 1 Trend Micro 1 Viruswall 2026-04-23 N/A
Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533.
CVE-2007-0579 1 Horde 1 Groupware 2026-04-23 N/A
Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-0573 1 Nsgalphp 1 Nsgalphp 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter.
CVE-2007-4913 1 Invision Power Services 1 Invision Power Board 2026-04-23 N/A
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.
CVE-2007-0538 1 Telligent Systems 1 Community Server Forums 2026-04-23 N/A
Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.
CVE-2007-0535 1 Vote Pro 1 Vote Pro 2026-04-23 N/A
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6505 2 Mozilla, Redhat 3 Seamonkey, Thunderbird, Enterprise Linux 2026-04-23 N/A
Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.
CVE-2009-2383 2 Blogtrafficexchange, Wordpress 2 Related-sites, Wordpress 2026-04-23 N/A
SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter.
CVE-2009-2487 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.
CVE-2006-6532 1 Vt-forum 1 Vt-forum Lite 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors than CVE-2006-6447. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6553 1 Mxbb 1 Mxbb Newssuite 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.