Export limit exceeded: 346616 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29902 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1950 | 1 Webblizzard | 1 Content Management System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter. | ||||
| CVE-2007-4247 | 1 Microsoft | 1 Windows Vista | 2026-04-23 | N/A |
| Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file. | ||||
| CVE-2007-4527 | 1 Phphq | 1 Phuploader | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in phUploader.php in phphq.Net phUploader 1.2 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4255 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. | ||||
| CVE-2006-7002 | 1 Wheatblog | 1 Wheatblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195. | ||||
| CVE-2007-4256 | 1 Ynp | 1 Portal Systems | 2026-04-23 | N/A |
| Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. | ||||
| CVE-2007-1954 | 1 Archivexpert | 1 Archivexpert | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file. | ||||
| CVE-2007-4263 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. | ||||
| CVE-2007-1955 | 1 Signkorea | 1 Skcommax Activex Control | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6813 | 1 Mxmania | 1 Mxmania File Upload Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2006-5257 | 1 Ciamos | 1 Ciamos Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter. | ||||
| CVE-2006-5254 | 1 Mamboxchange | 1 Extended Registration | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-6814 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-23 | N/A |
| Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter. | ||||
| CVE-2007-1883 | 1 Php | 1 Php | 2026-04-23 | N/A |
| PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters. | ||||
| CVE-2006-5249 | 1 Tagit | 1 Tagboard | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter. | ||||
| CVE-2006-5241 | 1 Opendock | 1 Easy Gallery | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts. | ||||
| CVE-2006-5233 | 1 Polycom | 1 Soundpoint Ip 301 | 2026-04-23 | N/A |
| Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | ||||
| CVE-2006-5217 | 1 Emek Portal | 1 Emek Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp, also known as the Kullanici Adi (k_a) and Sifre (sifre) parameters. | ||||
| CVE-2007-1662 | 1 Pcre | 1 Pcre | 2026-04-23 | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. | ||||
| CVE-2007-1874 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/. | ||||