Export limit exceeded: 346845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6608 | 1 Openbiblio | 1 Openbiblio | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php. | ||||
| CVE-2007-6711 | 1 Freewebshop | 1 Freewebshop | 2026-04-23 | N/A |
| Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors. | ||||
| CVE-2007-6625 | 1 Novell | 1 Identity Manager | 2026-04-23 | N/A |
| The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan. | ||||
| CVE-2007-6633 | 1 Netbizcity | 1 Faqmasterflexplus | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts. | ||||
| CVE-2007-6641 | 1 Milliscripts | 1 Milliscripts | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Redirection allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a browse action. | ||||
| CVE-2007-6646 | 1 Integry Systems | 1 Livecart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the order script, or (4) the email parameter to user/remindComplete. | ||||
| CVE-2006-5398 | 1 Simplog | 1 Simplog | 2026-04-23 | N/A |
| SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2007-6668 | 1 Peergoal | 1 Myspace Content Zone | 2026-04-23 | N/A |
| admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file. | ||||
| CVE-2006-5399 | 1 Phprecipebook | 1 Phprecipebook | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in classes/Import_MM.class.php in PHPRecipeBook 2.36, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the g_rb_basedir parameter. | ||||
| CVE-2007-6685 | 1 Menalto | 1 Gallery Publish Xp Module | 2026-04-23 | N/A |
| Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. | ||||
| CVE-2007-6691 | 1 Menalto | 1 Gallery | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules. | ||||
| CVE-2007-6702 | 1 Goahead Software | 2 Fs4104-aw Device, Goahead Webserver | 2026-04-23 | N/A |
| goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603. | ||||
| CVE-2006-5650 | 1 Aol | 1 Icq | 2026-04-23 | N/A |
| The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. | ||||
| CVE-2007-6716 | 7 Canonical, Debian, Linux and 4 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2026-04-23 | 5.5 Medium |
| fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. | ||||
| CVE-2007-6720 | 2 Igno Saitz, Redhat | 2 Libmikmod, Enterprise Linux | 2026-04-23 | N/A |
| libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels. | ||||
| CVE-2007-6726 | 2 Apache, Dojotoolkit | 2 Struts, Dojo | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/. | ||||
| CVE-2006-5745 | 1 Microsoft | 1 Xml Core Services | 2026-04-23 | N/A |
| Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5757 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures. | ||||
| CVE-2006-5760 | 1 Phpdynasite | 1 Phpdynasite | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php. | ||||
| CVE-2007-5498 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks. | ||||