Search Results (121318 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0707 1 Powerscripts 1 Powerclan 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
CVE-2009-1685 1 Apple 1 Safari 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.
CVE-2009-1688 1 Apple 1 Safari 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."
CVE-2006-6937 1 Pensacola Web Designs 1 Xtremeasp Photogallery 2026-04-23 N/A
SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.
CVE-2007-3189 1 Jffnms 1 Just For Fun Network Management System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-6000 1 Kde 1 Konqueror 2026-04-23 N/A
KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.
CVE-2009-1694 1 Apple 1 Safari 2026-04-23 N/A
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."
CVE-2007-3694 1 Getmiro 1 Broadcast Machine 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2007-5986 1 Btiteam 1 Btitracker 2026-04-23 N/A
SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-5973 1 Jportal 1 Jportal Web Portal 2026-04-23 N/A
SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2007-3858 1 Oracle 1 Database Server 2026-04-23 N/A
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13).
CVE-2007-1079 1 Rhinosoft 1 Ftp Voyager 2026-04-23 N/A
Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.
CVE-2007-1059 1 Ultimate Fun Book 1 Ultimate Fun Book 2026-04-23 N/A
PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.
CVE-2008-3742 1 Drupal 1 Drupal 2026-04-23 N/A
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
CVE-2007-4323 1 Denyhosts 1 Denyhosts 2026-04-23 N/A
DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301.
CVE-2007-3840 1 Sitetrafficstats 1 Sitetrafficstats 2026-04-23 N/A
SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter.
CVE-2007-3812 1 Cmscout 1 Cmscout 2026-04-23 N/A
SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.
CVE-2007-3803 1 Clavister 1 Clavister Coreplus 2026-04-23 N/A
The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.
CVE-2007-3774 1 Dvbbs 1 Dvbbs 2026-04-23 N/A
Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb.
CVE-2007-5948 1 Script-fun 1 Sf-shoutbox 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.