Search Results (121310 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6732 1 Cwm-design 1 Cwmvote 2026-04-23 N/A
PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter.
CVE-2007-3799 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
CVE-2007-3804 1 Clavister 1 Clavister Coreplus 2026-04-23 N/A
The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files.
CVE-2007-3805 1 Clavister 1 Clavister Coreplus 2026-04-23 N/A
The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates.
CVE-2007-3807 1 Sitescape 1 Sitescape Forum 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.
CVE-2007-3808 1 Php Arena 1 Pafiledb 2026-04-23 N/A
SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000.
CVE-2008-0131 1 Instantsoftwares 1 Dating Site 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0132 1 Pragmasys 1 Fortress Ssh 2026-04-23 N/A
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.
CVE-2008-0134 1 Snitz Communications 1 Snitz Forums 2000 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.
CVE-2007-3817 1 Drupal 1 Logintoboggan Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE: Drupal sanitizes the username by removing certain characters, so this might not be a vulnerability on default installations.
CVE-2007-3820 2 Kde, Redhat 2 Konqueror, Enterprise Linux 2026-04-23 N/A
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
CVE-2007-3826 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-23 N/A
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.
CVE-2008-0138 1 Xoops 1 Xoopsgallery Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.
CVE-2007-3829 2 Interactual Technologies, Roxio 2 Interactual Player, Cineplayer 2026-04-23 N/A
Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3830 1 Ibm 2 Proventia Network Ips Gx5008, Proventia Network Ips Gx5108 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter.
CVE-2008-0141 1 Webportal Cms Project 1 Webportal Cms 2026-04-23 7.5 High
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.
CVE-2008-0142 1 Webportal 1 Webportal Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.
CVE-2007-3832 1 Cerulean Studios 1 Trillian 2026-04-23 N/A
Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.
CVE-2008-0144 1 Phprisk 1 Netrisk 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.
CVE-2007-3834 1 Exlibris Group 1 Aleph 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835.