Export limit exceeded: 29894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6050 | 1 Clicktech | 1 Texas Rankem | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp. | ||||
| CVE-2007-1434 | 1 Grayscale | 1 Grayscale Blog | 2025-04-09 | N/A |
| SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php. | ||||
| CVE-2007-4424 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. | ||||
| CVE-2007-2702 | 1 Oracle | 1 Weblogic Portal | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor. | ||||
| CVE-2007-4131 | 3 Gnu, Redhat, Rpath | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-09 | N/A |
| Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. | ||||
| CVE-2006-6051 | 1 Mamboxchange | 1 Mosreporter | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2007-3545 | 1 Warzone | 1 Warzone 2100 Resurrection | 2025-04-09 | N/A |
| Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename when setting background music. | ||||
| CVE-2007-3543 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. | ||||
| CVE-2007-3535 | 1 Frank Karau | 1 Gl-sh Deaf Forum | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php. | ||||
| CVE-2007-3519 | 1 Wesmo | 1 Phpeventcalendar | 2025-04-09 | N/A |
| SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2611 | 1 Cgx | 1 Cgx | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/. | ||||
| CVE-2009-4136 | 2 Postgresql, Redhat | 2 Postgresql, Enterprise Linux | 2025-04-09 | N/A |
| PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. | ||||
| CVE-2007-2599 | 1 Wavelink Media | 1 Tutorialcms | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php. | ||||
| CVE-2007-4381 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | ||||
| CVE-2007-3726 | 1 Rarlab | 1 Unrar | 2025-04-09 | N/A |
| Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number. | ||||
| CVE-2007-2597 | 1 Telltargetcms | 1 Telltarget Cms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/. | ||||
| CVE-2007-1555 | 1 Minerva | 1 Minerva | 2025-04-09 | N/A |
| SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter. | ||||
| CVE-2007-1554 | 1 Guestbara | 1 Guestbara | 2025-04-09 | N/A |
| Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3718 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher. | ||||
| CVE-2007-1551 | 1 Phpx | 1 Phpx | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php. | ||||