Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4052 | 1 Nukedit | 1 Nukedit | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-7024 | 1 Harpia | 1 Harpia Cms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php. | ||||
| CVE-2006-7028 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | N/A |
| Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error. | ||||
| CVE-2006-7029 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637. | ||||
| CVE-2007-4063 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API. | ||||
| CVE-2006-7035 | 1 Super Link Exchange Script | 1 Super Link Exchange Script | 2025-04-09 | N/A |
| Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter. | ||||
| CVE-2006-7036 | 1 Andys Chat | 1 Andys Chat | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated. | ||||
| CVE-2006-7037 | 2 Mathsoft, Microsoft | 9 Mathcad, Windows 2000, Windows 2003 Server and 6 more | 2025-04-09 | N/A |
| Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext. | ||||
| CVE-2006-7038 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2025-04-09 | N/A |
| Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service. | ||||
| CVE-2006-7109 | 1 Drupal | 1 Imce Module | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. | ||||
| CVE-2007-4078 | 1 Alstrasoft | 1 Text Ads Enterprise | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php. | ||||
| CVE-2006-7119 | 1 Phpgiggle | 1 Phpgiggle | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter. | ||||
| CVE-2006-7120 | 1 Osu Open Source Lab | 1 Maintain | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php | ||||
| CVE-2006-7122 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter. | ||||
| CVE-2006-7123 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php. | ||||
| CVE-2006-7124 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter. | ||||
| CVE-2007-4086 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php. | ||||
| CVE-2006-7133 | 1 Php Upload Tool | 1 Php Upload Tool | 2025-04-09 | N/A |
| Directory traversal vulnerability in upload/bin/download.php in Upload Tool for PHP 1.0 allows remote attackers to read arbitrary files via (1) ".." sequences or (2) absolute pathnames in the filename parameter. | ||||
| CVE-2007-5424 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled. | ||||
| CVE-2006-7141 | 1 Oracle | 1 Database Server | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability | ||||