Export limit exceeded: 17797 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346750 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346750 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346750 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2778 | 1 Revokesoft | 1 Revokebb | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter. | ||||
| CVE-2008-5320 | 1 E107 | 1 E107 | 2026-04-23 | N/A |
| SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter. | ||||
| CVE-2006-7027 | 1 Microsoft | 1 Isa Server | 2026-04-23 | N/A |
| Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks. | ||||
| CVE-2008-4672 | 1 Goodlyrics | 1 Lyrics Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows remote attackers to inject arbitrary web script or HTML via the k parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4673 | 1 Webbiscuits | 1 Events Calendar | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters. | ||||
| CVE-2008-4674 | 1 Conkurent | 1 Real Estate | 2026-04-23 | N/A |
| SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode. | ||||
| CVE-2006-7032 | 1 Tufat | 1 Flashbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2009-1425 | 1 Hp | 3 Procurve Switch 5400zl, Procurve Switch 8200zl, Procurve Threat Management Services Zl Module | 2026-04-23 | N/A |
| Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR_18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424. | ||||
| CVE-2009-3205 | 1 Cbauthority | 1 Cbauthority | 2026-04-23 | N/A |
| SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action. | ||||
| CVE-2009-3208 | 1 Prakashatma Mishra | 1 Phpfreebb | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php. | ||||
| CVE-2009-3985 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||||
| CVE-2007-1961 | 1 Phpbb | 1 Mutant | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-1963 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2026-04-23 | N/A |
| SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. | ||||
| CVE-2008-4678 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure." | ||||
| CVE-2008-4679 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate. | ||||
| CVE-2008-4682 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. | ||||
| CVE-2008-4690 | 2 Lynx, Redhat | 2 Lynx, Enterprise Linux | 2026-04-23 | N/A |
| lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. | ||||
| CVE-2008-4696 | 1 Opera | 1 Opera | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat). | ||||
| CVE-2007-3379 | 1 Redhat | 2 Enterprise Linux, Linux | 2026-04-23 | N/A |
| Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command. | ||||
| CVE-2008-4699 | 1 Microsoft | 1 Peachtree Accounting | 2026-04-23 | N/A |
| Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method. | ||||