Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1289 1 Tyger 1 Bug Tracking System 2026-04-23 N/A
SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.
CVE-2007-1129 1 Mtcms 1 Mtcms 2026-04-23 N/A
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action.
CVE-2006-6420 1 Ryan Demmer 1 Joomla Content Editor 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3229 1 Singapore 1 Image Gallery Web Application 2026-04-23 N/A
index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message.
CVE-2007-2772 1 Ca 1 Brightstor Arcserve Backup 2026-04-23 N/A
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.
CVE-2006-5057 1 Ktools.net 1 Photostore 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php.
CVE-2006-7178 1 Madwifi 1 Madwifi 2026-04-23 N/A
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.
CVE-2006-5869 1 Pstotext 1 Pstotext 2026-04-23 N/A
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
CVE-2006-5539 1 Ueberproject Management System 1 Ueberproject Management System 2026-04-23 N/A
PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter.
CVE-2006-5914 1 Samedia 1 Landshop 2026-04-23 N/A
SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018.
CVE-2007-0487 1 Zoneo-soft 1 Freeforum 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used
CVE-2006-5054 1 Iyzi Forum 1 Iyzi Forum 2026-04-23 N/A
SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter.
CVE-2007-0491 1 Sky Gunning 1 Myspeach 2026-04-23 N/A
PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information.
CVE-2007-0496 1 Neon Labs 1 Neon Labs Website 2026-04-23 N/A
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
CVE-2007-6680 1 Ibm 1 Aix 2026-04-23 N/A
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.
CVE-2007-0498 1 Sky Gunning 1 Myspeach 2026-04-23 N/A
PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.
CVE-2007-5591 1 Nortel 6 Communications Server, Meridian Option 11c, Meridian Option 51c and 3 more 2026-04-23 N/A
The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports.
CVE-2007-0161 1 Hp 21 Color Laserjet 4650, Officejet 4100, Officejet 5100 and 18 more 2026-04-23 N/A
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
CVE-2007-0689 1 Mybb 1 Mybb 2026-04-23 N/A
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.
CVE-2007-0907 3 Php, Redhat, Trustix 5 Php, Enterprise Linux, Rhel Application Stack and 2 more 2026-04-23 N/A
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.