Export limit exceeded: 364529 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0774 2 Apache, Redhat 3 Tomcat Jk Web Server Connector, Rhel Application Server, Rhel Application Stack 2026-04-23 N/A
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
CVE-2007-1704 1 Joomla 1 Car Manager 2026-04-23 N/A
SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1459 1 Webcreator 1 Webcreator 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.
CVE-2007-1086 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 Universal Database and 3 more 2026-04-23 N/A
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."
CVE-2006-6386 1 Drupal 1 Cvs Management And Tracker 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.
CVE-2006-6237 1 Woltlab 1 Burning Board Lite 2026-04-23 N/A
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.
CVE-2007-0553 1 Phproxy 1 Phproxy 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information.
CVE-2006-6355 1 Duware 1 Duclassmate 2026-04-23 N/A
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.
CVE-2007-4141 1 Openrat 1 Openrat Cms 2026-04-23 N/A
OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain sensitive information via a request containing an XSS sequence in the action parameter to index.php, which reveals the path in an error message.
CVE-2006-6339 1 Devilz Clanportal 1 Devilz Clanportal 2026-04-23 N/A
SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request.
CVE-2007-4205 2 Bluecat Networks, Linux-ha 2 Adonis, Heartbeat 2026-04-23 N/A
XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121.
CVE-2008-4503 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."
CVE-2007-0474 1 Smb4k 1 Smb4k 2026-04-23 N/A
Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."
CVE-2006-6621 6 Avg, Comodo, Filseclab and 3 more 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more 2026-04-23 N/A
Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
CVE-2007-4046 1 Joomla 1 Pony Gallery 2026-04-23 N/A
SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-3748 1 Apple 3 Ichat, Mac Os X, Mac Os X Server 2026-04-23 N/A
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
CVE-2007-4047 1 Geoblog 1 Geoblog 2026-04-23 N/A
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
CVE-2007-3524 1 Ripe Website Manager 1 Ripe Website Manager 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php.
CVE-2007-3423 1 Web-app.org 1 Webapp 2026-04-23 N/A
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
CVE-2007-3525 1 Ripe Website Manager 1 Ripe Website Manager 2026-04-23 N/A
Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.