Export limit exceeded: 363519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363519 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5890 1 Superfreaker Studios 1 Usupport 2026-04-23 N/A
SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-5891 1 Superfreaker Studios 1 Ustore 2026-04-23 N/A
SQL injection vulnerability in detail.asp in Superfreaker Studios UStore 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-5895 1 Encapscms 1 Encapscms 2026-04-23 N/A
PHP remote file inclusion vulnerability in core/core.php in EncapsCMS 0.3.6 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVE-2007-3166 1 Qualcomm 1 Eudora 2026-04-23 N/A
Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command.
CVE-2006-5909 1 Paul Tarjan 1 Stanford Conference And Research Forum 2026-04-23 N/A
generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts.
CVE-2007-3160 1 Php Real Estate Classifieds 1 Php Real Estate Classifieds 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter.
CVE-2006-5867 2 Fetchmail, Redhat 2 Fetchmail, Enterprise Linux 2026-04-23 N/A
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
CVE-2006-5868 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2026-04-23 N/A
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
CVE-2006-6253 1 Cahier De Textes 1 Cahier De Textes 2026-04-23 N/A
Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql.
CVE-2007-3155 1 Egroupware 1 Egroupware 2026-04-23 N/A
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.
CVE-2007-3153 1 Daniel Stenberg 1 C-ares 2026-04-23 N/A
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
CVE-2008-1820 1 Oracle 3 Database 10g, Database 11g, Database 9i 2026-04-23 N/A
Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure.
CVE-2007-3150 1 Google 1 Desktop 2026-04-23 N/A
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.
CVE-2006-5804 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2007-3139 1 Open Solution 1 Quick.cart 2026-04-23 N/A
config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code.
CVE-2007-3136 1 Newssync 1 Newssync 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter.
CVE-2008-1819 1 Oracle 2 Database 9i, Database Server 2026-04-23 N/A
Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09.
CVE-2007-3131 1 Public Warehouse 1 Light Blog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in add_comment.php in Light Blog 4.1 before 20070606 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-1817 1 Oracle 2 Database 9i, Database Server 2026-04-23 N/A
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection.
CVE-2006-6229 1 Codewalkers 1 Ltwcalendar 2026-04-23 N/A
Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.