Export limit exceeded: 363054 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363054 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1401 1 Php 1 Php 2026-04-23 N/A
Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.
CVE-2006-5034 1 Paul Smith Computer Services 1 Vcap 2026-04-23 N/A
Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2007-0505 1 Drupal 2 Project, Project Issue Tracking Module 2026-04-23 N/A
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.
CVE-2006-6683 1 Pedro Lineu Orso 1 Chetcpasswd 2026-04-23 N/A
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.
CVE-2006-5032 1 Phpartenaire 1 Phpartenaire 2026-04-23 N/A
PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter.
CVE-2006-6682 1 Chetcpasswd Project 1 Chetcpasswd 2026-04-23 N/A
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.
CVE-2006-5031 1 Cakephp 1 Cakephp 2026-04-23 N/A
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
CVE-2006-5030 1 Exv2 1 Content Management System 2026-04-23 N/A
SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
CVE-2007-0485 1 Webchat.org 1 Webchat 2026-04-23 N/A
PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.
CVE-2006-6681 1 Chetcpasswd 1 Chetcpasswd 2026-04-23 N/A
Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.
CVE-2006-5029 1 Woltlab 1 Burning Board 2026-04-23 N/A
SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.
CVE-2007-1400 1 Plesh 1 Plesh 2026-04-23 N/A
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl.
CVE-2007-0484 1 Enthusiast 1 Enthusiast 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6680 1 Chetcpasswd 1 Chetcpasswd 2026-04-23 N/A
Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.
CVE-2006-5028 1 Swsoft 2 Plesk, Plesk Reload 2026-04-23 N/A
Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action.
CVE-2006-5027 1 Jeroen Vennegoor 1 Jevoncms 2026-04-23 N/A
Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysql.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, and (7) db_pgsql.inc; and (8) db_sybase.inc, which reveals the path in various error messages.
CVE-2006-6645 1 Mxbb 1 Mxbb Web Links 2026-04-23 N/A
PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
CVE-2007-0474 1 Smb4k 1 Smb4k 2026-04-23 N/A
Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."
CVE-2007-1394 1 Flat Chat 1 Flat Chat 2026-04-23 N/A
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.
CVE-2006-6646 1 Drupal 2 Drupal Project, Drupal Project Issue Tracking 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function.