Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3587 1 Mycms 1 Mycms 2026-04-23 N/A
MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.
CVE-2008-0028 1 Cisco 4 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Pix 500 and 1 more 2026-04-23 N/A
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.
CVE-2006-6128 1 Linux 1 Linux Kernel 2026-04-23 N/A
The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is performed.
CVE-2008-0236 1 Microsoft 1 Visual Foxpro 2026-04-23 N/A
An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.
CVE-2007-3599 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission.
CVE-2007-3053 1 Calimero.cms 1 Calimero.cms 2026-04-23 N/A
Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-3600 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.
CVE-2006-6008 1 Netkit 1 Netkit 2026-04-23 N/A
ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.
CVE-2007-4014 1 Wordpress 3 Blix, Blixed, Blixkrieg 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3055 1 Codelib 1 Linker 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2007-3603 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.
CVE-2007-2538 1 Runcms 1 Runcms 2026-04-23 N/A
SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.
CVE-2007-3604 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.
CVE-2007-3057 1 Xoops 1 Icontent Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
CVE-2006-6332 1 Madwifi 1 Madwifi 2026-04-23 N/A
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
CVE-2008-0445 1 Elog 1 Elog 2026-04-23 N/A
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
CVE-2007-4010 1 Php 1 Php 2026-04-23 N/A
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
CVE-2007-3062 1 Hp 1 System Management Homepage 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3608 1 Sap 1 Enjoysap 2026-04-23 N/A
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
CVE-2006-6067 1 20 20 Applications 1 20 20 Datashed 2026-04-23 N/A
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.