Export limit exceeded: 20133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363403 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4397 2 Fr.simon Rundell, Typo3 2 Pd Resources, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2840 1 Exerocms 1 Exero Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information.
CVE-2007-0546 1 Toxiclab 1 Shoutbox 2026-04-23 N/A
Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.
CVE-2009-0919 1 Apachefriends 1 Xampp 2026-04-23 N/A
XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
CVE-2009-4398 2 Fr.simon Rundell, Typo3 2 Hs Religiousartgallery, Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2384 3 Apache, Joey Schulze, Redhat 3 Http Server, Mod Auth Mysql, Enterprise Linux 2026-04-23 N/A
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
CVE-2008-2853 1 Easy Webstore 1 Easy Webstore 2026-04-23 N/A
SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.
CVE-2007-0555 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
CVE-2009-4399 2 Fr.simon Rundell, Typo3 2 Hs Religiousartgallery, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-0556 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
CVE-2007-0557 1 Rmake 1 Rmake 2026-04-23 N/A
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.
CVE-2008-2865 1 Kalptaru Infotech 1 Php Site Lock 2026-04-23 N/A
SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action.
CVE-2009-0934 1 Process-one 1 Ejabberd 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
CVE-2007-0563 1 Symantec 1 Web Security 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.
CVE-2007-0564 1 Symantec 1 Web Security 2026-04-23 N/A
The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.
CVE-2007-0565 1 Cgi-rescue 1 Shopping Basket Professional 2026-04-23 N/A
CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors.
CVE-2007-0566 1 Asp News 1 Asp News 2026-04-23 N/A
SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0567 1 Interactive-scripts.com 1 Php Membership Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter.
CVE-2007-0568 1 Myphpcommander 1 Myphpcommander 2026-04-23 N/A
PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.
CVE-2007-0571 1 Phpmyreports 1 Phpmyreports 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter.