Search Results (363519 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4518 2 Drupal, Mark Burton 2 Drupal, Insertnode 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.
CVE-2007-3525 1 Ripe Website Manager 1 Ripe Website Manager 2026-04-23 N/A
Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4544 1 Cromosoft 1 Facil Helpdesk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2007-3526 1 Vastal I-tech 1 Buddy Zone 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.
CVE-2009-4555 1 K-factor 1 Agoracart 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via an unspecified request to protected/manager.cgi or (2) change the password of an administrative account.
CVE-2009-4569 1 Elkagroup 1 Image Gallery 2026-04-23 N/A
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.
CVE-2009-4570 1 Phpshop 1 Phpshop 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI.
CVE-2009-4580 1 Hastablog 1 Hasta Blog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) yorumyaz.php and (2) blog.php.
CVE-2009-4591 1 Secureideas 1 Base 2026-04-23 N/A
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-3532 2 Gentoo, Nvidia 2 Linux, Video Driver 2026-04-23 N/A
NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information.
CVE-2008-1241 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
CVE-2007-3533 1 3com 1 3cnj220 2026-04-23 N/A
The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field.
CVE-2008-1245 1 Belkin 1 F5d7230-4 2026-04-23 N/A
cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header.
CVE-2008-1248 1 Snom 1 320 Sip Phone 2026-04-23 N/A
The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440.
CVE-2008-1249 1 Snom 1 320 Sip Phone 2026-04-23 N/A
snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Call a number" field.
CVE-2007-3543 1 Wordpress 2 Wordpress, Wordpress Mu 2026-04-23 N/A
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
CVE-2007-3554 1 Hp 1 Instant Support 2026-04-23 N/A
Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.
CVE-2007-3561 1 Webixir 1 Efendy Blog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3562 1 Php Director 1 Php Director 2026-04-23 N/A
SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3564 1 Libcurl 1 Libcurl 2026-04-23 N/A
libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.