Search Results (361957 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1674 1 Landesk 1 Landesk Management Suite 2026-04-23 N/A
Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP.
CVE-2009-4197 1 Huawei 3 Mt882 Modem, Mt882 Modem Firmware, Mt882 V100t002b020 Arg-t 2026-04-23 N/A
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.
CVE-2006-6873 1 Endonesia 1 Endonesia 2026-04-23 N/A
Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.
CVE-2008-5707 1 Aspindir 1 Iltaweb Alisveris Sistemi 2026-04-23 N/A
SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter.
CVE-2008-3668 1 Marcello Brandao 1 Yogurt Social Network Module 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
CVE-2008-0288 1 Imagealbum 1 Imagealbum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.
CVE-2008-3036 1 Cms Little 1 Cms Little 2026-04-23 N/A
Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter.
CVE-2008-3848 1 Pdesigner 1 Z-breaknews 2026-04-23 N/A
SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2746 1 Gryphon 1 Gllcts2 2026-04-23 N/A
SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter.
CVE-2008-3508 1 Wogan May 1 Litenews 2026-04-23 N/A
LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie.
CVE-2008-6873 1 Activewebsoftwares 1 Active Web Mail 2026-04-23 N/A
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
CVE-2009-3591 1 Ben Webb 1 Dopewars 2026-04-23 N/A
Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.
CVE-2006-7019 1 Phpwcms 1 Phpwcms 2026-04-23 N/A
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7020 1 Oliver Georgi 1 Phpwcms 2026-04-23 N/A
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).
CVE-2009-2842 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
CVE-2009-4249 1 Cutephp 1 Cutenews 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php.
CVE-2006-7024 1 Harpia 1 Harpia Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.
CVE-2006-7025 1 Sangwan Kim 1 Bookmark4u 2026-04-23 N/A
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter.
CVE-2006-7026 1 Avatic 1 Aardvark Topsites Php 2026-04-23 N/A
PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149.
CVE-2006-7030 1 Microsoft 8 Ie, Windows 2000, Windows 2003 Server and 5 more 2026-04-23 N/A
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.