Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3808 | 1 Php Arena | 1 Pafiledb | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. | ||||
| CVE-2006-5246 | 1 Eazy Cart | 1 Eazy Cart | 2026-04-23 | N/A |
| Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information. | ||||
| CVE-2006-5247 | 1 Eazy Cart | 1 Eazy Cart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information. | ||||
| CVE-2006-5305 | 1 Phpbb | 1 Lat2cyr | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5256 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. | ||||
| CVE-2006-6067 | 1 20 20 Applications | 1 20 20 Datashed | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955. | ||||
| CVE-2006-5281 | 1 Navyism | 1 N At Board | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter. | ||||
| CVE-2007-3827 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window. | ||||
| CVE-2006-5299 | 1 Gcontact | 1 Gcontact | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3828 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386. | ||||
| CVE-2007-3830 | 1 Ibm | 2 Proventia Network Ips Gx5008, Proventia Network Ips Gx5108 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter. | ||||
| CVE-2009-1212 | 1 Precisionid | 1 Data Matrix Barcode Activex Control | 2026-04-23 | N/A |
| Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods. | ||||
| CVE-2006-5318 | 1 Nayco | 1 Jasmine | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter. | ||||
| CVE-2006-5346 | 1 Oracle | 3 Collaboration Suite, E-business Suite, Http Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors related to htdigest, aka Vuln# OHS02. | ||||
| CVE-2006-5357 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 10.1.2.0.2, and 10.1.2.1.0 has unknown impact and remote attack vectors related to the PHP Module, aka Vuln# OHS03. | ||||
| CVE-2007-0377 | 1 Xoops | 1 Xoops | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors. | ||||
| CVE-2006-5389 | 1 Wyana | 1 Php-wyana | 2026-04-23 | N/A |
| tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message. | ||||
| CVE-2006-6292 | 1 Apple | 2 Airport Extreme, Mac Os X | 2026-04-23 | N/A |
| Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames. | ||||
| CVE-2006-6356 | 1 Phpnews | 1 Phpnews | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter. | ||||
| CVE-2007-4206 | 1 Kaspersky Lab | 1 Kaspersky Anti-spam | 2026-04-23 | N/A |
| Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges. | ||||