Export limit exceeded: 29907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3342 | 1 Six Apart | 1 Movable Type | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231. | ||||
| CVE-2006-5769 | 1 Fixpunkt Gmbh | 1 Admin.tool Cms 3 | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fSid or (2) fSrcBegriffe parameters in unspecified vectors. | ||||
| CVE-2007-1626 | 1 Php-nuke | 1 Iframe Module | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2007-0164 | 1 Camouflage | 1 Camouflage | 2026-04-23 | N/A |
| Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information. | ||||
| CVE-2007-1625 | 1 Realguestbook | 1 Realguestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data. | ||||
| CVE-2007-0874 | 1 Allons Voter | 1 Allons Voter | 2026-04-23 | N/A |
| Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2007-4571 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. | ||||
| CVE-2007-0128 | 1 Digiappz | 1 Digirez | 2026-04-23 | N/A |
| SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | ||||
| CVE-2006-5746 | 1 Airmagnet | 1 Enterprise | 2026-04-23 | N/A |
| The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates. | ||||
| CVE-2007-0172 | 1 Allmyguests Project | 1 Allmyguests | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php. | ||||
| CVE-2006-6387 | 1 Link Content Management Server | 1 Link Content Management Server | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0770 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2026-04-23 | N/A |
| Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456. | ||||
| CVE-2007-3567 | 1 Mysqldumper | 1 Mysqldumper | 2026-04-23 | N/A |
| MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests. | ||||
| CVE-2007-1623 | 1 Realguestbook | 1 Realguestbook | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php; and possibly unspecified other parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0171 | 1 Allmylinks Project | 1 Allmylinks | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter. | ||||
| CVE-2006-5736 | 1 Punbb | 1 Punbb | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. | ||||
| CVE-2007-3335 | 1 Phpecho Cms | 1 Phpecho Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-5732 | 1 Tgs Cms | 1 Tgs Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie. | ||||
| CVE-2007-3324 | 1 Comersus Open Technologies | 1 Comersus Cart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681. | ||||
| CVE-2006-7008 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. | ||||