Export limit exceeded: 366623 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2090 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2007-2121 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02. | ||||
| CVE-2007-4070 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors. | ||||
| CVE-2007-2188 | 1 Extremail | 1 Extremail | 2026-04-23 | N/A |
| eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. | ||||
| CVE-2007-2189 | 1 Mx Smartor | 1 Full Album Pack | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-5551 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2007-2146 | 1 Minigal | 1 Minigal | 2026-04-23 | N/A |
| The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2147 | 1 Stephen Craton | 1 Chatness | 2026-04-23 | N/A |
| admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests. | ||||
| CVE-2007-2190 | 1 Eba News | 1 Eba News | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. | ||||
| CVE-2007-2149 | 1 Stephen Craton | 1 Chatness | 2026-04-23 | N/A |
| Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php. | ||||
| CVE-2007-2180 | 1 Nullsoft | 1 Winamp | 2026-04-23 | N/A |
| Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. | ||||
| CVE-2007-2181 | 1 Webinsta | 1 Fm Manager | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748. | ||||
| CVE-2007-2183 | 1 Php-ring | 1 Webring System | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter. | ||||
| CVE-2007-2203 | 1 Big Blue | 1 Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form. | ||||
| CVE-2007-2207 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter. | ||||
| CVE-2007-2208 | 1 Extreme Phpbb | 1 Extreme Phpbb | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/. | ||||
| CVE-2007-2212 | 1 Mybb | 1 Mybb | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2213 | 1 Ipswitch | 1 Ws Ftp | 2026-04-23 | N/A |
| Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments." | ||||
| CVE-2007-2271 | 1 Rajneel Lal Totaram | 1 Usp Foss Distribution | 2026-04-23 | N/A |
| Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter. | ||||
| CVE-2007-2247 | 1 Phpmyspace | 1 Phpmyspace | 2026-04-23 | N/A |
| SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | ||||