Export limit exceeded: 363099 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363099 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0649 1 Openemr 1 Openemr 2026-04-23 N/A
Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.
CVE-2006-5107 1 Devellion 1 Cubecart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php.
CVE-2006-6742 1 Hp 3 Ftp Print Server, Laserjet 5000, Laserjet 5100 2026-04-23 N/A
Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command.
CVE-2006-6741 1 Mkportal 1 Mkportal 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag.
CVE-2006-6740 1 Phpprofiles 1 Phpprofiles 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5106 1 Facileforms 1 Facileforms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-5104 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter.
CVE-2007-0648 1 Cisco 1 Ios 2026-04-23 N/A
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
CVE-2006-6739 1 Paristemi 1 Paristemi 2026-04-23 N/A
PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CVE-2006-6689.
CVE-2007-1459 1 Webcreator 1 Webcreator 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.
CVE-2007-0647 1 Apple 1 Mac Os X 2026-04-23 N/A
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.
CVE-2006-6738 1 Cwm-design 1 Cwmcounter 2026-04-23 N/A
PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-0524 1 Lg Electronics 1 Chocolate Kg800 2026-04-23 N/A
The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
CVE-2007-1407 1 Open Solution 1 Quick.cart 2026-04-23 N/A
Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit."
CVE-2007-1787 1 Softerra 1 Time-assistant 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter.
CVE-2006-5041 1 Joomla 2 Com Hotproperties, Hot Properties 2026-04-23 N/A
Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.
CVE-2006-6689 1 Paristemi 1 Paristemi 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scripts, a different vector than CVE-2006-6739. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0525 1 Grigoriadis 1 Mini Web Server 2026-04-23 N/A
Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors.
CVE-2007-1788 1 Flyspray 1 Flyspray 2026-04-23 N/A
Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request.
CVE-2006-5042 1 Joomla 2 Com Mosmedia, Mosmedia 2026-04-23 N/A
Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors.