Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4140 | 2 Matomo, Teethgrinder.co.uk | 2 Matomo, Open Flash Chart | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/. | ||||
| CVE-2006-5052 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2026-04-23 | N/A |
| Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." | ||||
| CVE-2007-1496 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. | ||||
| CVE-2006-5212 | 1 Trend Micro | 1 Officescan | 2026-04-23 | N/A |
| Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program. | ||||
| CVE-2006-5209 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-6435 | 1 Xerox | 1 Workcentre | 2026-04-23 | N/A |
| The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack. | ||||
| CVE-2006-6449 | 1 Vt-forum | 1 Vt-forum Lite | 2026-04-23 | N/A |
| Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0340 | 1 Thwboard | 1 Thwboard | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php. | ||||
| CVE-2006-5044 | 2 Joomla, Mambo | 2 Prince Clan Chess Component, Prince Clan Chess Component | 2026-04-23 | N/A |
| Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors. | ||||
| CVE-2007-4484 | 1 My Referer | 1 My Referer | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in login.php in My_REFERER 1.08 allows remote attackers to execute arbitrary PHP code via a URL in the value parameter. | ||||
| CVE-2009-1358 | 1 Debian | 2 Advanced Package Tool, Apt | 2026-04-23 | N/A |
| apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories. | ||||
| CVE-2008-1203 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. | ||||
| CVE-2006-5066 | 1 Danphpsupport | 1 Danphpsupport | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php. | ||||
| CVE-2006-6137 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php. | ||||
| CVE-2006-6846 | 1 Cybercoded | 1 While You Were Out Inout Board | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp. | ||||
| CVE-2007-2306 | 1 Vwar | 1 Virtual War | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php. | ||||
| CVE-2007-5156 | 4 Cardinal Cms Project, Redlinesoft, Sitex Cms Project and 1 more | 4 Cardinal Cms, Lanai Cms, Sitex Cms and 1 more | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. | ||||
| CVE-2007-0702 | 1 Phpeventman | 1 Phpeventman | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php. | ||||
| CVE-2006-7176 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2026-04-23 | N/A |
| The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. | ||||
| CVE-2006-6102 | 3 Redhat, X.org, Xfree86 Project | 3 Enterprise Linux, X.org, Xfree86 X Server | 2026-04-23 | N/A |
| Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | ||||