Export limit exceeded: 18570 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351454 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351454 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351454 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6142 | 1 Salims Softhouse | 1 Jaf Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6143 | 1 Vu | 1 Case Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2008-5861 | 1 Freelyrics | 1 Freelyrics | 2026-04-23 | N/A |
| Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read arbitrary files via directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6149 | 1 Adobe | 2 Connect Enterprise Server, Flash Media Server 2 | 2026-04-23 | N/A |
| Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation. | ||||
| CVE-2007-6145 | 1 Hitachi | 1 Jp1 File Transmission Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors. | ||||
| CVE-2007-6146 | 1 Hitachi | 1 Jp1 File Transmission Server | 2026-04-23 | N/A |
| Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. | ||||
| CVE-2007-6151 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow. | ||||
| CVE-2007-6157 | 1 Simplegallery | 1 Simplegallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | ||||
| CVE-2007-6158 | 1 Proverbs | 1 Proverbs Web Calendar | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php. | ||||
| CVE-2007-6159 | 1 Tilde | 1 Tilde Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500. | ||||
| CVE-2007-6160 | 1 Tilde | 1 Tilde Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action. | ||||
| CVE-2007-6161 | 1 Tilde | 1 Tilde Cms | 2026-04-23 | N/A |
| index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path. | ||||
| CVE-2007-6162 | 1 Wsdeluxe | 1 Fmdeluxe | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action. | ||||
| CVE-2007-6163 | 1 Gouae | 1 Dwd Realty | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6164 | 1 Eurologon | 1 Eurologon Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php. | ||||
| CVE-2006-6282 | 1 Vikingboard | 1 Vikingboard | 2026-04-23 | N/A |
| members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this is not clear. | ||||
| CVE-2007-6167 | 1 Suse | 1 Suse Linux | 2026-04-23 | N/A |
| Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. | ||||
| CVE-2007-6169 | 1 Gouae | 1 Dwd Realty | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6170 | 2 Debian, Digium | 2 Debian Linux, Asterisk | 2026-04-23 | N/A |
| SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. | ||||
| CVE-2007-6171 | 1 Digium | 1 Asterisk | 2026-04-23 | N/A |
| SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||