Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6974 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/. | ||||
| CVE-2006-7018 | 1 Oliver Georgi | 1 Phpwcms | 2026-04-23 | N/A |
| phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. | ||||
| CVE-2007-0902 | 1 Moinmoin | 1 Moinmoin | 2026-04-23 | N/A |
| Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5117 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. | ||||
| CVE-2007-0921 | 1 Radical Technologies | 1 Portal Search | 2026-04-23 | N/A |
| Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI. | ||||
| CVE-2007-0551 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters. | ||||
| CVE-2007-1854 | 1 Hitachi | 7 Cosminexus Component Container, Electronic Form Workflow, Ucosminexus Application Server and 4 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in uCosminexus Application Server Enterprise and Standard; uCosminexus Service Platform; uCosminexus Developer Standard and Professional; uCosminexus Service Architect; Electronic Form Workflow Standard Set, Professional Library Set, and Developer Client Set; and uCosminexus ERP Integrator, does not properly manage session information, which has an unspecified impact related to "unintended other requests." | ||||
| CVE-2006-5803 | 1 Mxbb | 1 Mxbb Smartor Album | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2007-1296 | 1 Aj Square | 1 Aj Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter. | ||||
| CVE-2007-1427 | 1 Assetman | 1 Assetman | 2026-04-23 | N/A |
| Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter. | ||||
| CVE-2006-6583 | 1 Scriptmate | 1 User Manager | 2026-04-23 | N/A |
| ScriptMate User Manager 2.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors related to (1) the Logins box and (2) the Search box. | ||||
| CVE-2006-5118 | 1 Phpselect | 1 Web Development Division | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter. | ||||
| CVE-2006-7022 | 1 Fx-app | 1 Fx-app | 2026-04-23 | N/A |
| The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe. | ||||
| CVE-2007-0922 | 1 Radical Technologies | 1 Portal Search | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2007-0759 | 1 Umberto Caldera | 1 Easymoblog | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php. | ||||
| CVE-2006-6913 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-23 | N/A |
| Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. | ||||
| CVE-2007-0829 | 1 Alwil | 1 Avast Antivirus | 2026-04-23 | N/A |
| avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements. | ||||
| CVE-2006-5425 | 1 Xorp | 1 Extensible Open Router Platform | 2026-04-23 | N/A |
| XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field. | ||||
| CVE-2007-0349 | 1 Nicecoder | 1 Indexu | 2026-04-23 | N/A |
| Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter. | ||||
| CVE-2006-7067 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect. | ||||