Export limit exceeded: 362653 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362653 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7145 1 Call-center-software 1 Call-center-software 2026-04-23 N/A
edit_user.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified user_id parameter.
CVE-2006-5796 1 Soholaunch 1 Soholaunch Pro Edition 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php.
CVE-2006-7146 1 Cuttlefish 1 Leicestershire Communityportals 2026-04-23 N/A
PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions
CVE-2006-5797 1 Xenis 1 Xenis.creator Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in default.asp in Xenis.creator CMS allow remote attackers to execute arbitrary SQL commands via the (1) nav, (2) s, or (3) print parameters.
CVE-2006-7147 1 Phpbb 1 Import Tools 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-1051 1 Comodo 1 Comodo Firewall Pro 2026-04-23 N/A
Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.
CVE-2007-1640 1 Classweb 1 Classweb 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php.
CVE-2007-1854 1 Hitachi 7 Cosminexus Component Container, Electronic Form Workflow, Ucosminexus Application Server and 4 more 2026-04-23 N/A
Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in uCosminexus Application Server Enterprise and Standard; uCosminexus Service Platform; uCosminexus Developer Standard and Professional; uCosminexus Service Architect; Electronic Form Workflow Standard Set, Professional Library Set, and Developer Client Set; and uCosminexus ERP Integrator, does not properly manage session information, which has an unspecified impact related to "unintended other requests."
CVE-2006-5798 1 Xenis 1 Xenis.creator Cms 2026-04-23 N/A
SQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter.
CVE-2006-5799 1 Xenis 1 Xenis.creator Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters.
CVE-2006-7148 1 Phpbb 1 Maluinfo 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.
CVE-2007-1052 1 Pblang 1 Pblang 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation
CVE-2007-1641 1 Portailphp 1 Portailphp 2026-04-23 N/A
SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter.
CVE-2006-5800 1 Xenis 1 Xenis.creator Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5801 1 Owfs 1 Owfs 2026-04-23 N/A
The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell.
CVE-2006-5802 1 The Web Drivers 1 Simple Forum 2026-04-23 N/A
SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-7149 1 Mambo 1 Mambo 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.
CVE-2006-5805 1 Microsoft 1 Ie 2026-04-23 N/A
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
CVE-2006-7150 1 Mambo 1 Mambo Open Source 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.
CVE-2007-1642 1 Manageengine 1 Firewall Analyzer 2026-04-23 N/A
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.