Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4101 | 1 Global Centre | 1 Aplomb Poll | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php. | ||||
| CVE-2007-2548 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2026-04-23 | N/A |
| Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation." | ||||
| CVE-2007-2717 | 1 Igeneric | 1 Ig Shop | 2026-04-23 | N/A |
| SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. | ||||
| CVE-2007-2014 | 1 Mynews | 1 Mynews | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633. | ||||
| CVE-2008-1387 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | ||||
| CVE-2007-4102 | 1 Sblog | 1 Sblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/></> sequence in the search string. | ||||
| CVE-2009-1381 | 1 Squirrelmail | 3 Imap General.php, Squirrelmail, Squirrelmail1.4.19-1 | 2026-04-23 | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579. | ||||
| CVE-2007-2018 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-1546 | 1 Mitsubishi Electric | 1 Gb | 2026-04-23 | N/A |
| servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems allows remote attackers to cause a denial of service (air-conditioning outage) via an XML document containing a setRequest command. | ||||
| CVE-2007-4104 | 1 Wp-feedstats | 1 Wordpress Plugin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string. | ||||
| CVE-2008-1594 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size. | ||||
| CVE-2007-2019 | 1 Tomex | 1 Phpgalleryscript | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter. | ||||
| CVE-2008-1619 | 2 Redhat, Xensource Inc | 2 Enterprise Linux, Xen | 2026-04-23 | N/A |
| The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool. | ||||
| CVE-2007-2737 | 1 Xoops | 1 Myconference Module | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4105 | 1 Baidu | 1 Soba Search Bar | 2026-04-23 | N/A |
| A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion. | ||||
| CVE-2006-6511 | 1 Dadaimc | 1 Dadaimc | 2026-04-23 | N/A |
| dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php). | ||||
| CVE-2007-4106 | 1 Codewidgets | 2 Pay Roll - Time Sheet, Punch Card | 2026-04-23 | N/A |
| SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter. | ||||
| CVE-2007-2550 | 1 Devellion | 1 Cubecart | 2026-04-23 | N/A |
| Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php. | ||||
| CVE-2008-3820 | 1 Cisco | 1 Security Manager | 2026-04-23 | N/A |
| Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports. | ||||
| CVE-2006-3888 | 1 Aol | 1 Ygp Pic Downloader Activex Control | 2026-04-23 | N/A |
| Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method. | ||||