Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362815 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1698 | 1 Philex | 1 Philex | 2026-04-23 | N/A |
| download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. | ||||
| CVE-2009-4439 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query. | ||||
| CVE-2008-3001 | 1 Drupal | 1 Aggregation Module | 2026-04-23 | N/A |
| The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions. | ||||
| CVE-2009-4440 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593. | ||||
| CVE-2009-4442 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665. | ||||
| CVE-2007-1699 | 2 Joomla, Mambo | 2 Swmenu Component, Swmenu Component | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees. | ||||
| CVE-2007-1704 | 1 Joomla | 1 Car Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-1705 | 1 Active Trade | 1 Active Trade | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-1706 | 1 Ewebquiz | 1 Ewebquiz | 2026-04-23 | N/A |
| SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter. | ||||
| CVE-2008-3003 | 1 Microsoft | 1 Office | 2026-04-23 | N/A |
| Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability." | ||||
| CVE-2007-1707 | 1 Net-side.net | 1 Net Side Content Management System | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Net Side Content Management System (Net-Side.net CMS) allows remote attackers to execute arbitrary PHP code via a URL in the cms parameter. | ||||
| CVE-2007-1789 | 1 Flyspray | 1 Flyspray | 2026-04-23 | N/A |
| Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests. | ||||
| CVE-2009-0979 | 1 Oracle | 1 Database 9i | 2026-04-23 | N/A |
| Unspecified vulnerability in the Resource Manager component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| CVE-2009-4441 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659. | ||||
| CVE-2009-4443 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978. | ||||
| CVE-2009-4444 | 1 Microsoft | 1 Internet Information Services | 2026-04-23 | N/A |
| Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file. | ||||
| CVE-2007-1715 | 1 Free Php Scripts | 1 Free Image Hosting | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763. | ||||
| CVE-2008-3004 | 1 Microsoft | 2 Office, Office Excel Viewer | 2026-04-23 | N/A |
| Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability." | ||||
| CVE-2007-1726 | 1 Icebb | 1 Icebb | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/. | ||||
| CVE-2007-1729 | 1 Revolutionproducts | 1 Flexbb | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php. | ||||