Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6924 | 1 Bitweaver | 1 Bitweaver | 2026-04-23 | N/A |
| bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380. | ||||
| CVE-2007-3353 | 1 Mywebland | 1 Myevent | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class. | ||||
| CVE-2006-7167 | 1 Prorat | 1 Server | 2026-04-23 | N/A |
| Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote attackers to bypass the authentication mechanism for remote login via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2020 | 1 Xodagallery | 1 Xodagallery | 2026-04-23 | 9.8 Critical |
| Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion | ||||
| CVE-2006-6935 | 1 Portix-php | 1 Portix-php | 2026-04-23 | N/A |
| SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields. | ||||
| CVE-2007-3354 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978. | ||||
| CVE-2007-0558 | 1 Inter7 | 1 Vhostadmin | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter. | ||||
| CVE-2006-6944 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | ||||
| CVE-2006-6949 | 1 Conti | 1 Ftpserver | 2026-04-23 | N/A |
| Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2006-6950 | 1 Conti | 1 Ftpserver | 2026-04-23 | N/A |
| Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument. | ||||
| CVE-2006-6951 | 1 Odysseus Blog | 1 Odysseus Blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2007-1925 | 1 Tru-zone | 1 Nukeet | 2026-04-23 | N/A |
| The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie. | ||||
| CVE-2006-7168 | 1 Phpbb | 1 Phpbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-3362 | 3 Ageet, Htc, Microsoft | 3 Agephone, Hytn, Windows Mobile | 2026-04-23 | N/A |
| ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter. | ||||
| CVE-2007-0589 | 1 Forum Livre | 1 Forum Livre | 2026-04-23 | N/A |
| SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp. | ||||
| CVE-2007-3028 | 1 Microsoft | 1 Windows 2000 | 2026-04-23 | N/A |
| The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040. | ||||
| CVE-2007-3370 | 1 Kim Kyoung Min | 1 Sun Board | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php. | ||||
| CVE-2006-6992 | 1 Gosurf Browser | 1 Gosurf Browser | 2026-04-23 | N/A |
| Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2006-6993 | 1 Dev | 1 Neuron Blog | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1624 | 1 Realguestbook | 1 Realguestbook | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||