Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2543 | 1 Xoops | 1 Flashgames Module | 2026-04-23 | N/A |
| SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | ||||
| CVE-2006-6948 | 1 Myodbc | 1 Myodbc | 2026-04-23 | N/A |
| MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database. | ||||
| CVE-2007-1611 | 1 Sourcenext | 1 Ikanari Jijyou | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed. | ||||
| CVE-2007-3251 | 1 E-vision | 1 E-vision Cms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php. | ||||
| CVE-2006-5240 | 1 Docmint | 1 Docmint Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter. | ||||
| CVE-2007-3891 | 1 Microsoft | 1 Windows Vista | 2026-04-23 | N/A |
| Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes. | ||||
| CVE-2007-2490 | 1 Livedata | 3 Iccp Server, Maintenance Server, Protocol Server | 2026-04-23 | N/A |
| Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets. | ||||
| CVE-2007-1096 | 1 Virtuemart | 1 Virtuemart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376. | ||||
| CVE-2007-1568 | 1 Daansystems | 1 Newsreactor | 2026-04-23 | N/A |
| Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename. | ||||
| CVE-2007-2948 | 1 Mplayer | 1 Mplayer | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. | ||||
| CVE-2006-5648 | 1 Ubuntu | 1 Ubuntu Linux | 2026-04-23 | 5.5 Medium |
| Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. | ||||
| CVE-2007-2491 | 1 Vmware | 2 Server, Workstation | 2026-04-23 | N/A |
| The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337. | ||||
| CVE-2006-5243 | 1 Opendock | 1 Easy Doc | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts. | ||||
| CVE-2007-1102 | 1 Photostand | 1 Photostand | 2026-04-23 | N/A |
| Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages. | ||||
| CVE-2007-3889 | 1 Insanely Simple Blog | 1 Insanely Simple Blog | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors. | ||||
| CVE-2006-6952 | 1 Ca | 1 Host-based Intrusion Prevention System | 2026-04-23 | N/A |
| Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers. | ||||
| CVE-2007-0907 | 3 Php, Redhat, Trustix | 5 Php, Enterprise Linux, Rhel Application Stack and 2 more | 2026-04-23 | N/A |
| Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. | ||||
| CVE-2007-2880 | 1 Digiappz | 1 Digirez | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp. | ||||
| CVE-2007-2499 | 1 Globalmegacorp | 1 Dvddb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php. | ||||
| CVE-2007-2865 | 1 Phppgadmin | 1 Phppgadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. | ||||