Export limit exceeded: 348879 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348879 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1593 | 1 Armorlogic | 1 Profense Web Application Firewall | 2026-04-23 | N/A |
| Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element. | ||||
| CVE-2007-1147 | 1 Hbm | 1 Hbm | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter. | ||||
| CVE-2007-6470 | 1 Phprpg | 1 Phprpg | 2026-04-23 | N/A |
| phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies. | ||||
| CVE-2008-3653 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. | ||||
| CVE-2008-6535 | 1 Paypalestores | 1 Paypal Estores | 2026-04-23 | N/A |
| admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | ||||
| CVE-2007-1148 | 1 Lovecms | 1 Lovecms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. | ||||
| CVE-2007-6472 | 1 Phpmyrealty | 1 Phpmyrealty | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3655 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2026-04-23 | N/A |
| Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. | ||||
| CVE-2008-6536 | 1 7-zip | 1 7-zip | 2026-04-23 | N/A |
| Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10). | ||||
| CVE-2009-2566 | 1 Tfm | 1 Mmplayer | 2026-04-23 | N/A |
| Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file. | ||||
| CVE-2007-1149 | 1 Lovecms | 1 Lovecms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI. | ||||
| CVE-2007-1150 | 1 Lovecms | 1 Lovecms | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/. | ||||
| CVE-2007-6473 | 1 Texas Imperial Software | 1 Wftpd Pro Explorer | 2026-04-23 | N/A |
| Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command. | ||||
| CVE-2008-6538 | 1 Holger Schurig | 1 Destar | 2026-04-23 | N/A |
| DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser. | ||||
| CVE-2007-1151 | 1 Lovecms | 1 Lovecms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error. | ||||
| CVE-2007-6474 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors. | ||||
| CVE-2007-1152 | 1 Pyrophobia | 1 Pyrophobia | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6475 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php. | ||||
| CVE-2007-1153 | 1 Cutephp | 1 Cutenews | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap CVE-2004-1660 or CVE-2006-4445. | ||||
| CVE-2007-6476 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2026-04-23 | N/A |
| GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function. | ||||