Export limit exceeded: 366623 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2090 1 Tumusika Evolution 1 Tumusika Evolution 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2007-2121 1 Oracle 1 Application Server 2026-04-23 N/A
Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02.
CVE-2007-4070 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.
CVE-2007-2188 1 Extremail 1 Extremail 2026-04-23 N/A
eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.
CVE-2007-2189 1 Mx Smartor 1 Full Album Pack 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-5551 1 Cisco 1 Ios 2026-04-23 N/A
Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-2146 1 Minigal 1 Minigal 2026-04-23 N/A
The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2147 1 Stephen Craton 1 Chatness 2026-04-23 N/A
admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.
CVE-2007-2190 1 Eba News 1 Eba News 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.
CVE-2007-2149 1 Stephen Craton 1 Chatness 2026-04-23 N/A
Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php.
CVE-2007-2180 1 Nullsoft 1 Winamp 2026-04-23 N/A
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
CVE-2007-2181 1 Webinsta 1 Fm Manager 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748.
CVE-2007-2183 1 Php-ring 1 Webring System 2026-04-23 N/A
SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter.
CVE-2007-2203 1 Big Blue 1 Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form.
CVE-2007-2207 1 Ripe Website Manager 1 Ripe Website Manager 2026-04-23 N/A
SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter.
CVE-2007-2208 1 Extreme Phpbb 1 Extreme Phpbb 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/.
CVE-2007-2212 1 Mybb 1 Mybb 2026-04-23 N/A
Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2213 1 Ipswitch 1 Ws Ftp 2026-04-23 N/A
Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."
CVE-2007-2271 1 Rajneel Lal Totaram 1 Usp Foss Distribution 2026-04-23 N/A
Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter.
CVE-2007-2247 1 Phpmyspace 1 Phpmyspace 2026-04-23 N/A
SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.