Export limit exceeded: 26345 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1626 1 Eggblog 1 Eggblog 2026-04-23 N/A
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
CVE-2006-6581 1 Vernet Loic 1 Php Debug 2026-04-23 N/A
PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter.
CVE-2007-0208 1 Microsoft 4 Office, Word, Word Viewer and 1 more 2026-04-23 N/A
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
CVE-2008-6702 1 Stalker-game 1 S.t.a.l.k.e.r.\ 2026-04-23 N/A
S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception.
CVE-2008-1612 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-23 N/A
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
CVE-2008-5663 1 Kusaba 1 Kusaba 2026-04-23 N/A
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.
CVE-2008-1557 1 Bolinos 1 Bolinos 2026-04-23 N/A
BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function.
CVE-2007-1044 1 Pearson Education 1 Powerschool 2026-04-23 N/A
Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2.
CVE-2008-5677 1 Kwalbum 1 Kwalbum 2026-04-23 N/A
Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.
CVE-2007-1097 1 Wiclear 1 Wiclear 2026-04-23 N/A
Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information.
CVE-2007-1116 1 Mozilla 1 Firefox 2026-04-23 N/A
The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.
CVE-2007-1167 1 Dzcp 1 Dev\!l\'z Clanportal 2026-04-23 N/A
inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.
CVE-2007-1237 1 Bj Sintay 1 Sitex 2026-04-23 N/A
sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.
CVE-2008-1535 1 Matti Kiviharju 1 Rekry Component 2026-04-23 N/A
SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php.
CVE-2007-1803 1 Maildwarf 1 Maildwarf 2026-04-23 N/A
Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses.
CVE-2008-1114 1 Vocera 1 Wireless Handset 2026-04-23 N/A
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
CVE-2007-2748 1 Php 1 Php 2026-04-23 N/A
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
CVE-2007-3389 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
CVE-2007-3391 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.
CVE-2007-3400 1 Nctsoft 2 Nctaudioeditor, Nctaudiostudio 2026-04-23 N/A
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.