Export limit exceeded: 363807 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4094 1 Idevspot 1 Phphostbot 2026-04-23 N/A
PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776.
CVE-2007-4095 1 Bsm Store 1 Dependent Forums 2026-04-23 N/A
SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp.
CVE-2007-4096 1 Tor 1 Tor 2026-04-23 N/A
Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2008-5009 1 Sun 2 Solstice X.25, Sunos 2026-04-23 N/A
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
CVE-2007-4097 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.
CVE-2007-4098 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
CVE-2008-5010 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
CVE-2007-4100 1 Mldonkey 1 Mldonkey 2026-04-23 N/A
MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.
CVE-2008-5011 1 Ibm 2 Lotus, Lotus Domino 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.
CVE-2007-4108 1 Codewidgets 1 Online Event Registration Template 2026-04-23 N/A
SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2009-2240 1 Ad2000 1 Free-sw Leger 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-4111 1 Codewidgets 1 Real Estate Listing Website Application Template 2026-04-23 N/A
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4114 1 Suskunduygular 1 Suskunduygular Uyelik Sistemi 2026-04-23 N/A
Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2241 1 Aaronoutpost 1 Asp Inline Corporate Calendar 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2007-4116 1 Metyus 1 Forum Portal 2026-04-23 N/A
SQL injection vulnerability in philboard_forum.asp in Metyus Forum Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might be related to CVE-2007-0920 or CVE-2007-3884.
CVE-2008-5014 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
CVE-2009-2242 1 Aaronoutpost 1 Asp Inline Corporate Calendar 2026-04-23 N/A
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2007-4120 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original researcher also has a history of erroneous claims
CVE-2007-4124 1 Hitachi 14 Cosminexus Application Server, Cosminexus Collaboration Portal, Cosminexus Developer and 11 more 2026-04-23 N/A
The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.
CVE-2008-5019 4 Canonical, Debian, Mozilla and 1 more 4 Ubuntu Linux, Debian Linux, Firefox and 1 more 2026-04-23 N/A
The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.