31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Showing 76–100 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2006-6975 | CRITICAL | | 9.8 | 2007-02-08 | PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. N… |
| CVE-2006-7079 | CRITICAL | Patched | 9.8 | 2007-03-02 | Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory t… |
| CVE-2006-7105 | CRITICAL | | 9.8 | 2007-03-03 | PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. … |
| CVE-2007-1383 | CRITICAL | | 9.8 | 2007-03-10 | Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes th… |
| CVE-2007-1399 | CRITICAL | Patched | 9.8 | 2007-03-10 | Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code … |
| CVE-2007-1966 | CRITICAL | | 9.1 | 2007-04-11 | Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie. |
| CVE-2007-2020 | CRITICAL | | 9.8 | 2007-04-12 | Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerabilit… |
| CVE-2007-2422 | CRITICAL | | 9.8 | 2007-05-02 | Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in … |
| CVE-2007-2534 | CRITICAL | | 9.8 | 2007-05-09 | Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PA… |
| CVE-2007-3194 | CRITICAL | | 9.8 | 2007-06-12 | Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (… |
| CVE-2007-3798 | CRITICAL | Patched | 9.8 | 2007-07-16 | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, relate… |
| CVE-2007-4039 | CRITICAL | | 9.8 | 2007-07-27 | Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitra… |
| CVE-2007-4043 | CRITICAL | Patched | 9.8 | 2007-07-27 | file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with… |
| CVE-2007-4290 | CRITICAL | | 9.8 | 2007-08-09 | Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1… |
| CVE-2007-4559 | CRITICAL | Patched | 9.8 | 2007-08-28 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitra… |
| CVE-2007-3010 | CRITICAL | Patched | 9.8 | 2007-09-18 | masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shel… |
| CVE-2007-5097 | CRITICAL | | 9.8 | 2007-09-26 | PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code… |
| CVE-2007-5565 | CRITICAL | | 9.8 | 2007-10-18 | PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir paramet… |
| CVE-2007-5775 | CRITICAL | | 9.8 | 2007-11-01 | Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure … |
| CVE-2007-6013 | CRITICAL | Patched | 9.8 | 2007-11-19 | Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from … |
| CVE-2008-0081 | CRITICAL | | 9.8 | 2008-01-16 | Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code… |
| CVE-2008-0174 | CRITICAL | Patched | 9.8 | 2008-01-29 | GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows… |
| CVE-2008-0062 | CRITICAL | Patched | 9.8 | 2008-03-19 | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly … |
| CVE-2008-1160 | CRITICAL | | 9.8 | 2008-03-25 | ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. |
| CVE-2008-1511 | CRITICAL | | 9.8 | 2008-03-25 | Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) c… |