Export limit exceeded: 19657 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6667 1 Verliadmin 1 Verliadmin 2026-04-23 N/A
Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5121 1 Postnuke Software Foundation 1 Postnuke 2026-04-23 N/A
SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.
CVE-2007-2024 1 Phpwiki 1 Phpwiki 2026-04-23 N/A
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
CVE-2007-0330 1 Ipswitch 1 Ws Ftp Pro 2026-04-23 N/A
Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.
CVE-2007-3724 1 Microsoft 1 Windows Xp 2026-04-23 N/A
The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
CVE-2006-6690 1 Typo3 1 Typo3 2026-04-23 N/A
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
CVE-2007-0331 1 Xentraz 1 Liens Dynamiques 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu.
CVE-2006-6691 1 Valdersoft 1 Shopping Cart 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php.
CVE-2006-5129 1 Salims Softhouse 1 Jaf Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables.
CVE-2006-5131 1 Salims Softhouse 1 Jaf Cms 2026-04-23 N/A
module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php.
CVE-2007-1023 1 Snitz Communications 1 Snitz Forums 2000 2026-04-23 N/A
SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2192 1 Antonio Da Cruz 1 Photofiltre Studio 2026-04-23 N/A
Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.
CVE-2006-6697 1 Oracle 1 Application Server Portal 2026-04-23 N/A
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
CVE-2007-0354 1 Mgb 1 Opensource Guestbook 2026-04-23 N/A
SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2239 1 Axis 10 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 7 more 2026-04-23 N/A
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
CVE-2007-2189 1 Mx Smartor 1 Full Album Pack 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-0356 2 Common Controls Replacement Project, Microsoft 2 Foldertreeview Activex Control, Ie 2026-04-23 N/A
The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.
CVE-2006-5184 1 Pkr Internet 1 Taskjitsu 2026-04-23 N/A
SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid.
CVE-2007-2020 1 Xodagallery 1 Xodagallery 2026-04-23 9.8 Critical
Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion
CVE-2007-0360 1 Oreon Project 1 Oreon 2026-04-23 N/A
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.