Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1305 1 Savas Place 1 Savas Guestbook 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.
CVE-2007-1888 1 Php 1 Php 2026-04-23 N/A
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.
CVE-2007-1338 1 Apple 1 Airport Extreme 2026-04-23 N/A
The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.
CVE-2007-1886 1 Php 1 Php 2026-04-23 N/A
Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."
CVE-2007-4439 1 Lighthouse Development 1 Squirrelcart 2026-04-23 N/A
PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php.
CVE-2007-4455 1 Asterisk 3 Asterisk, Asterisk Appliance Developer Kit, Asterisknow 2026-04-23 N/A
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
CVE-2007-2706 1 Geeklog 1 Media Gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.
CVE-2006-7048 1 Claroline 1 Claroline 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284.
CVE-2006-6230 1 Vubb 1 Vubb 2026-04-23 N/A
SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962.
CVE-2007-0401 1 Easebay Resources 1 Login Manager 2026-04-23 N/A
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.
CVE-2007-2694 1 Bea 1 Weblogic Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-1883 1 Php 1 Php 2026-04-23 N/A
PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.
CVE-2007-2692 3 Mysql, Oracle, Redhat 4 Mysql, Mysql, Enterprise Linux and 1 more 2026-04-23 N/A
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
CVE-2007-1344 1 Xiph 1 Icecast Ezstream 2026-04-23 N/A
Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information.
CVE-2007-0412 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.
CVE-2006-6218 1 Dev4u 1 Dev4u Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters.
CVE-2007-0421 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.
CVE-2006-7053 1 Arkoon 1 Fast360 2026-04-23 N/A
Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted."
CVE-2007-0563 1 Symantec 1 Web Security 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.
CVE-2007-4487 1 Dscripting.com 1 D22-shoutbox 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision Power Board (IPB or IP.Board) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.