Export limit exceeded: 346170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1039 | 1 Peanutkb | 1 Peanut Knowledge Base | 2026-04-23 | N/A |
| Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors. | ||||
| CVE-2007-1041 | 1 Sandh | 1 News Rover | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string. | ||||
| CVE-2007-1042 | 1 Xpression News | 1 Xpression News | 2026-04-23 | N/A |
| Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4563 | 2 Ibm, Microsoft | 3 Tivoli Storage Manager, Tivoli Storage Manager Express, Windows | 2026-04-23 | N/A |
| Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value. | ||||
| CVE-2008-6636 | 1 Geody | 1 Dagger | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_skins parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6648 | 1 Ktools | 1 Photostore | 2026-04-23 | N/A |
| SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647. | ||||
| CVE-2008-6657 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action. | ||||
| CVE-2008-6970 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-23 | N/A |
| SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter. | ||||
| CVE-2008-7164 | 1 Ryo-oh-ki | 1 Shareaza | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor. | ||||
| CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2026-04-23 | N/A |
| Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | ||||
| CVE-2009-1256 | 1 Flexcms | 1 Flexcms | 2026-04-23 | N/A |
| SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1044 | 1 Pearson Education | 1 Powerschool | 2026-04-23 | N/A |
| Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2. | ||||
| CVE-2007-1045 | 1 Malbum | 1 Malbum | 2026-04-23 | N/A |
| mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges. | ||||
| CVE-2007-1046 | 1 Dem Trac | 1 Dem Trac | 2026-04-23 | N/A |
| Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt. | ||||
| CVE-2007-0973 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action. | ||||
| CVE-2007-0972 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875. | ||||
| CVE-2007-0971 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER. | ||||
| CVE-2007-0970 | 1 Webtester | 1 Webtester | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input. | ||||
| CVE-2007-0968 | 1 Cisco | 1 Firewall Services Module | 2026-04-23 | N/A |
| Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections. | ||||
| CVE-2007-0967 | 1 Cisco | 1 Firewall Services Module | 2026-04-23 | N/A |
| Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests. | ||||