Search Results (363052 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5540 1 Opera 1 Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.
CVE-2007-5716 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet.
CVE-2007-5687 1 Justsystem 1 Ichitaro 2026-04-23 N/A
Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.
CVE-2007-5674 1 Instaguide 1 Weather 2026-04-23 N/A
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter.
CVE-2007-5524 1 Oracle 2 Application Server, Collaboration Suite 2026-04-23 N/A
Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS09 or AS9.
CVE-2009-2890 1 Phpscriptsnow 1 Riddles 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
CVE-2007-5523 1 Oracle 2 Application Server, Collaboration Suite 2026-04-23 N/A
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS08.
CVE-2009-2889 1 Phpscriptsnow 1 Hangman 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
CVE-2007-5648 1 Rnote 1 Rnote 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter.
CVE-2007-5423 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
CVE-2009-2771 1 Freearcadescript 1 Free Arcade Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/.
CVE-2007-5429 1 Nucleus Cms 1 Nucleus Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter.
CVE-2009-2781 1 Arabportal 1 Arab Portal 2026-04-23 N/A
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.
CVE-2007-5174 1 Actsite 1 Actsite 2026-04-23 N/A
Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter.
CVE-2007-5187 1 Php-fusion 1 Expanded Calendar Module 2026-04-23 N/A
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter.
CVE-2007-5181 1 Netkamp 1 Netkamp Emlak Scripti 2026-04-23 N/A
SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter.
CVE-2009-2788 1 Mobilelib 1 Mobilelib Gold 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php.
CVE-2007-5433 1 Siteup 1 Siteup 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Site-Up 2.64 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) search mask field.
CVE-2009-2789 2 Joomla, Permis 2 Joomla, Com Groups 2026-04-23 N/A
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5201 1 Duplicity Project 1 Duplicity 2026-04-23 N/A
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.