Export limit exceeded: 34926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29900 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29900 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0809 | 1 Ptirhiikmods | 1 Mod-ch | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-3952 | 1 Norman | 1 Normon Antivirus | 2026-04-23 | N/A |
| The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around". | ||||
| CVE-2007-3310 | 1 Tdizin | 1 Tdizin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0812 | 1 Woltlab | 1 Burning Board Lite | 2026-04-23 | N/A |
| SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter. | ||||
| CVE-2007-0814 | 1 Adrenalin Labs | 1 Adrenalins Asp Chat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat. | ||||
| CVE-2007-3316 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | N/A |
| Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. | ||||
| CVE-2007-3957 | 1 Nipun Jain | 1 Xserver | 2026-04-23 | N/A |
| Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a long URI. | ||||
| CVE-2006-5180 | 1 Baumedia | 1 Newswriter | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/main.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter, a different vector than CVE-2006-5102. | ||||
| CVE-2007-0817 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. | ||||
| CVE-2008-7001 | 1 Creative Mind | 1 Creator Cms | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2008-3746 | 1 Webdav | 1 Neon | 2026-04-23 | N/A |
| neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. | ||||
| CVE-2007-0672 | 2 Broadcom, Ca | 5 Brightstor Arcserve Backup Laptops Desktops, Business Protection Suite, Desktop Management Suite and 2 more | 2026-04-23 | N/A |
| LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\. | ||||
| CVE-2006-7119 | 1 Phpgiggle | 1 Phpgiggle | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter. | ||||
| CVE-2006-5596 | 1 Aep Networks | 1 Smartgate Ssl Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request. | ||||
| CVE-2009-0369 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. | ||||
| CVE-2006-7111 | 1 Futomis Cgi Cafe | 1 Kmail Cgi | 2026-04-23 | N/A |
| Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors. | ||||
| CVE-2008-5681 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. | ||||
| CVE-2006-6616 | 1 W00t Gallery | 1 W00t Gallery | 2026-04-23 | N/A |
| index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0341 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992. | ||||
| CVE-2006-6350 | 1 Iisworks | 1 Listpics | 2026-04-23 | N/A |
| listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb. | ||||