Export limit exceeded: 359576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359576 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4966 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. | ||||
| CVE-2007-4960 | 1 Linden Lab | 1 Second Life | 2026-04-23 | N/A |
| Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL. | ||||
| CVE-2007-4959 | 1 Jelsoft | 1 Oscmax | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2277 | 1 Cmsnx | 1 Feedback And Rating Script | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | ||||
| CVE-2007-4956 | 1 Kwsphp | 1 Kwsphp | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module. | ||||
| CVE-2007-4955 | 1 Joomla | 1 Flash Fun Component | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | ||||
| CVE-2008-2276 | 1 Matisbt | 1 Mantis | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link. | ||||
| CVE-2007-4954 | 1 Joomla | 1 Joom12pic Component | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | ||||
| CVE-2007-4952 | 1 Omnistar Interactive | 1 Omnistar Article Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917. | ||||
| CVE-2008-2275 | 1 Typo3 | 1 Sr Feuser Register Extension | 2026-04-23 | N/A |
| Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors. | ||||
| CVE-2007-4951 | 1 Yapig | 1 Yapig | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in sample.php in YaPiG 0.95b allows remote attackers to execute arbitrary PHP code via a URL in the YAPIG_PATH parameter. NOTE: this issue has been disputed by CVE, since YAPIG_PATH is defined before use | ||||
| CVE-2007-4949 | 1 Phpreactor | 1 Phpreactor | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7pl1 allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) ekilat.com-int.tpl.php, (2) phpreactor.org-top.tpl.php, or (3) ekilat.com-top.tpl.php in examples/. NOTE: this issue has been disputed by CVE, since the vulnerability is present only when the product is incorrectly installed by placing examples/ under the web root | ||||
| CVE-2008-2274 | 1 Typo3 | 1 Sr Feuser Register Extension | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-5730 | 1 Modxcms | 1 Modxcms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. | ||||
| CVE-2008-2265 | 1 Emophp | 1 Emo Realty Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter. | ||||
| CVE-2007-4948 | 1 Webmedia Explorer | 1 Webmedia Explorer | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss.class.php, (2) a URL in the path_template parameter to (a) templates/main.tpl.php or (b) templates/folder_messages_link_message_name.tpl.php, or (4) a URL in the path_templates parameter to templates/sidebar.tpl.php. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess support. NOTE: the includes/core.lib.php vector is already covered by CVE-2006-5252. | ||||
| CVE-2007-4947 | 1 Myphppagetool | 1 Myphppagetool | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to (1) help1.php, (2) help2.php, (3) help3.php, (4) help4.php, (5) help5.php, (6) help6.php, (7) help7.php, (7) help8.php, (8) help9.php, or (10) index.php in doc/admin/. | ||||
| CVE-2007-4945 | 1 Jasmine Technologies | 1 Lettergrade | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other unspecified vectors related to the calendar. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4943 | 1 Baofeng | 1 Storm | 2026-04-23 | N/A |
| Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2252 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability." | ||||