Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0403 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | ||||
| CVE-2006-5775 | 1 Funkboard | 1 Funkboard | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name parameter. | ||||
| CVE-2006-6364 | 1 Inside Systems | 1 Inside Systems | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. | ||||
| CVE-2007-1569 | 1 Newsbin Pro | 1 Newsbin Pro | 2026-04-23 | N/A |
| Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0110 | 1 Novell | 1 Access Manager Identity Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. | ||||
| CVE-2007-1812 | 1 Bt-sondage | 1 Bt-sondage | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in utilitaires/gestion_sondage.php in BT-Sondage 112 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire_visiteur parameter. | ||||
| CVE-2007-0204 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0594 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks. | ||||
| CVE-2006-5833 | 1 Greenbeast Cms | 1 Greenbeast Cms | 2026-04-23 | N/A |
| gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file. | ||||
| CVE-2007-0105 | 1 Cisco | 1 Secure Access Control Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | ||||
| CVE-2007-2417 | 2 Progress, Rsa | 4 Openedge, Progress, Ace Server and 1 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491. | ||||
| CVE-2006-5350 | 1 Oracle | 2 E-business Suite, Http Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08. | ||||
| CVE-2006-6111 | 1 Alan Ward | 1 A-cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873. | ||||
| CVE-2007-1925 | 1 Tru-zone | 1 Nukeet | 2026-04-23 | N/A |
| The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie. | ||||
| CVE-2006-3893 | 2 Casio, Newtone | 2 Photo Loader, Imagekit | 2026-04-23 | N/A |
| Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document. | ||||
| CVE-2007-0200 | 1 Geoffrey Golliher | 1 Axiom Photo News Gallery | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter. | ||||
| CVE-2006-6117 | 1 Fipsasp | 1 Fipsgallery | 2026-04-23 | N/A |
| SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter. | ||||
| CVE-2007-0598 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. | ||||
| CVE-2007-1343 | 1 Webcalendar | 1 Webcalendar | 2026-04-23 | N/A |
| includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues. | ||||
| CVE-2007-1874 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/. | ||||