Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0939 | 1 Microsoft | 1 Content Management Server | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability." | ||||
| CVE-2007-2947 | 1 David Branco | 1 Openbase | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php. | ||||
| CVE-2007-0483 | 1 Enthusiast | 1 Enthusiast | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0091 | 1 Katy Whitton Web Development | 1 Newscmslite | 2025-04-09 | N/A |
| newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. | ||||
| CVE-2007-2068 | 1 Storefront For Gallery | 1 Storefront Gallery | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php. | ||||
| CVE-2007-2069 | 1 Openmairie | 1 Openmairie | 2025-04-09 | N/A |
| Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter. | ||||
| CVE-2007-4275 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | N/A |
| Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd. | ||||
| CVE-2007-0094 | 1 Sven Moderow | 1 Sven Moderow Guestbook | 2025-04-09 | N/A |
| Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/. | ||||
| CVE-2008-1261 | 1 Zyxel | 1 P-2602hw-d1a | 2025-04-09 | N/A |
| The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI. | ||||
| CVE-2007-2071 | 1 Open-gorotto | 1 Open-gorotto | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/. | ||||
| CVE-2008-1148 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2025-04-09 | N/A |
| A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. | ||||
| CVE-2007-2079 | 1 Xampp | 1 Apache Distribution | 2025-04-09 | N/A |
| The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. | ||||
| CVE-2007-1258 | 1 Cisco | 4 Catalyst 6000, Catalyst 6500, Catalyst 7600 and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet. | ||||
| CVE-2007-3071 | 1 Digital River | 1 Esellerate Sdk | 2025-04-09 | N/A |
| Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument. | ||||
| CVE-2007-2083 | 1 Zonelabs | 1 Zonealarm | 2025-04-09 | N/A |
| vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. | ||||
| CVE-2007-4281 | 1 Knowledgetree | 1 Open Source | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors. | ||||
| CVE-2007-0096 | 1 Carbon Communities | 1 Carbon Communities | 2025-04-09 | N/A |
| CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. | ||||
| CVE-2007-4282 | 1 Serendipity | 1 Serendipity | 2025-04-09 | N/A |
| The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked. | ||||
| CVE-2007-3067 | 1 Eqdkp | 1 Attunement And Key | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php. | ||||
| CVE-2007-2088 | 1 Sitebar | 1 Sitebar | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php. | ||||