Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0304 1 Mint 1 Haber Sistemi 2026-04-23 N/A
SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0306 1 Digiappz 1 Digiaffiliate 2026-04-23 N/A
SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2025 1 Phpwiki 1 Phpwiki 2026-04-23 N/A
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
CVE-2007-0340 1 Thwboard 1 Thwboard 2026-04-23 N/A
SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
CVE-2006-6123 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.
CVE-2006-5005 1 Ibm 1 Aix 2026-04-23 N/A
Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login.
CVE-2006-5007 1 Ibm 1 Aix 2026-04-23 N/A
Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.
CVE-2006-5010 1 Ibm 1 Aix 2026-04-23 N/A
Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program.
CVE-2006-6116 1 Fipsasp 1 Fipsforum 2026-04-23 N/A
SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter.
CVE-2008-3837 4 Canonical, Debian, Mozilla and 1 more 5 Ubuntu Linux, Debian Linux, Firefox and 2 more 2026-04-23 N/A
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
CVE-2007-1061 1 Francisco Burzi 1 Php-nuke 2026-04-23 N/A
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).
CVE-2006-6328 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter.
CVE-2006-5633 1 Mozilla 2 Firefox, Seamonkey 2026-04-23 N/A
Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.
CVE-2007-0239 2 Openoffice, Redhat 2 Openoffice, Enterprise Linux 2026-04-23 N/A
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
CVE-2007-3557 1 Wheatblog 1 Wheatblog 2026-04-23 N/A
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.
CVE-2006-4181 1 Gnu 1 Radius 2026-04-23 N/A
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2006-6117 1 Fipsasp 1 Fipsgallery 2026-04-23 N/A
SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter.
CVE-2007-1422 1 Duyuru Scripti 1 Duyuru Scripti 2026-04-23 N/A
SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688.
CVE-2007-2289 1 Alexscriptengine 1 Download-engine 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW.
CVE-2007-2291 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.