Export limit exceeded: 363341 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1871 1 Chcounter 1 Chcounter 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/.
CVE-2006-6857 1 Docebolms 1 Docebolms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2006-6859 1 Website Designs For Less 1 Click N Print Coupons 2026-04-23 N/A
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2006-6861 1 Outfront 1 Spooky Login 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
CVE-2006-6416 1 Phpleague - Univert 1 Phpleague 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to (1) consult/miniseul.php or (2) config.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3344 1 Netjukebox 1 Netjukebox 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php. NOTE: the attack also reveals the installation path.
CVE-2007-3201 1 Winpt 1 Winpt 2026-04-23 N/A
Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID.
CVE-2007-3347 1 D-link 2 Dph-540, Dph-541 2026-04-23 N/A
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
CVE-2007-3348 1 D-link 2 Dph-540, Dph-541 2026-04-23 N/A
The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
CVE-2006-6907 1 Bluesoil Bluetooth 1 Bluesoil Bluetooth 2026-04-23 N/A
Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors.
CVE-2008-4198 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page.
CVE-2008-4233 1 Apple 3 Iphone Os, Ipod Touch, Safari 2026-04-23 N/A
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
CVE-2006-6909 1 Karl Dahlke 1 Edbrowse 2026-04-23 N/A
Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.
CVE-2006-6916 1 Getahead 1 Direct Web Remoting 2026-04-23 N/A
Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."
CVE-2006-6918 1 Geobb 1 Geobb 2026-04-23 N/A
Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.
CVE-2007-3197 1 Jelsoft 1 Vbsupport Integrated Ticket System 2026-04-23 N/A
SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-6924 1 Bitweaver 1 Bitweaver 2026-04-23 N/A
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.
CVE-2007-3353 1 Mywebland 1 Myevent 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class.
CVE-2007-0398 1 Arnotic 1 A-forum 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.
CVE-2009-3277 1 Xenu By 1 Datavault 2026-04-23 N/A
DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of an [ (open bracket) followed by many commas, related to a certain regular expression, aka a "ReDoS" vulnerability.