Export limit exceeded: 347464 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347464 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6157 | 1 Simplegallery | 1 Simplegallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | ||||
| CVE-2007-6299 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | ||||
| CVE-2007-6300 | 1 Fusion News | 1 Fusion News | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors. | ||||
| CVE-2007-5733 | 1 Japanese Php Gallery Hosting | 1 Japanese Php Gallery Hosting | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5734 | 1 Efileman | 1 Efileman | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/upload_file." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html. | ||||
| CVE-2007-5735 | 1 Efileman | 1 Efileman | 2026-04-23 | N/A |
| eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm. | ||||
| CVE-2007-5736 | 1 Seeblick | 1 Seeblick | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS. | ||||
| CVE-2007-5737 | 1 Ghlab | 1 Korean Ghboard | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request. | ||||
| CVE-2007-5738 | 1 Ghlab | 1 Korean Ghboard | 2026-04-23 | N/A |
| The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html. | ||||
| CVE-2007-6158 | 1 Proverbs | 1 Proverbs Web Calendar | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php. | ||||
| CVE-2007-6301 | 1 Open Newsletter | 1 Open Newsletter | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. | ||||
| CVE-2007-5739 | 1 Ghlab | 1 Korean Ghboard | 2026-04-23 | N/A |
| Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | ||||
| CVE-2007-6159 | 1 Tilde | 1 Tilde Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500. | ||||
| CVE-2007-5740 | 1 Vergenet | 1 Perdition Mail Retrieval Proxy | 2026-04-23 | N/A |
| The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. | ||||
| CVE-2007-5741 | 1 Plone | 1 Plone | 2026-04-23 | N/A |
| Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | ||||
| CVE-2007-5742 | 1 Wesnoth | 1 Wesnoth | 2026-04-23 | N/A |
| Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. | ||||
| CVE-2007-5745 | 2 Openoffice, Redhat | 2 Openoffice, Enterprise Linux | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records. | ||||
| CVE-2007-6160 | 1 Tilde | 1 Tilde Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action. | ||||
| CVE-2007-5746 | 2 Openoffice, Redhat | 2 Openoffice.org, Enterprise Linux | 2026-04-23 | N/A |
| Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow. | ||||
| CVE-2007-5747 | 2 Redhat, Sun | 2 Enterprise Linux, Openoffice.org | 2026-04-23 | N/A |
| Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow. | ||||