Export limit exceeded: 363836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2314 | 1 Crea-book | 1 Crea-book | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2311 | 1 Bloofoxcms | 1 Bloofoxcms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use | ||||
| CVE-2006-7097 | 1 Taskfreak | 1 Taskfreak | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors. | ||||
| CVE-2007-4460 | 1 Id3lib | 1 Id3lib | 2026-04-23 | N/A |
| The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged. | ||||
| CVE-2006-7109 | 1 Drupal | 1 Imce Module | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. | ||||
| CVE-2007-4565 | 2 Fetchmail, Redhat | 2 Fetchmail, Enterprise Linux | 2026-04-23 | N/A |
| sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. | ||||
| CVE-2007-4590 | 1 Hp | 3 Dynrootdisk, Hp-ux, Ignite-ux | 2026-04-23 | N/A |
| The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors. | ||||
| CVE-2007-5156 | 4 Cardinal Cms Project, Redlinesoft, Sitex Cms Project and 1 more | 4 Cardinal Cms, Lanai Cms, Sitex Cms and 1 more | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. | ||||
| CVE-2008-3661 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | ||||
| CVE-2007-5273 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2026-04-23 | N/A |
| Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. | ||||
| CVE-2007-5277 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560. | ||||
| CVE-2007-1015 | 1 Aktueldownload | 1 Aktueldownload Haber Script | 2026-04-23 | N/A |
| SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-4931 | 1 Hp | 1 System Management Homepage | 2026-04-23 | N/A |
| HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL. | ||||
| CVE-2007-5633 | 2 Almico, Microsoft | 2 Speedfan, Windows Vista | 2026-04-23 | N/A |
| Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the (1) IOCTL_RDMSR 0x9C402438 and (2) IOCTL_WRMSR 0x9C40243C IOCTLs to \Device\speedfan, as demonstrated by an IOCTL_WRMSR action on MSR_LSTAR. | ||||
| CVE-2007-5639 | 1 Nortel | 15 Ip Audio Conference Phone 2033, Ip Phone 1110, Ip Phone 1120e and 12 more | 2026-04-23 | N/A |
| The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server. | ||||
| CVE-2007-5760 | 3 Redhat, X.org, Xfree86 Project | 3 Enterprise Linux, Xserver, Xfree86-misc | 2026-04-23 | N/A |
| Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. | ||||
| CVE-2007-5793 | 1 Stonesoft | 1 Stonegate Ips | 2026-04-23 | N/A |
| Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection. | ||||
| CVE-2006-4099 | 1 Businessobjects | 1 Crystal Enterprise | 2026-04-23 | N/A |
| Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. | ||||
| CVE-2007-5970 | 1 Oracle | 1 Mysql | 2026-04-23 | N/A |
| MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. | ||||
| CVE-2007-3881 | 1 Pictures Rating | 1 Pictures Rating | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter. | ||||