Export limit exceeded: 349375 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349375 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5270 | 1 Bendiken | 1 Boost Module For Drupal | 2026-04-23 | N/A |
| Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5.x before 5.x-1.0, for Drupal allows remote attackers to create or overwrite arbitrary files, and conduct cross-site scripting attacks (XSS) via unspecified vectors. | ||||
| CVE-2007-5156 | 4 Cardinal Cms Project, Redlinesoft, Sitex Cms Project and 1 more | 4 Cardinal Cms, Lanai Cms, Sitex Cms and 1 more | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. | ||||
| CVE-2007-5160 | 1 Restaurant Management System | 1 Restaurant Management System | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIR_ROOT parameter to (a) global.php, or the (2) DIR_PAGE parameter to (b) template/fr/page.php or (c) page/fr/boxConnection.php. | ||||
| CVE-2007-5161 | 1 I-systems Inc. | 1 Feedreader | 2026-04-23 | N/A |
| Cross-zone scripting vulnerability in the internal browser in i-Systems Feedreader 3.10 allows remote attackers to inject arbitrary web script or HTML via an item in a feed, as demonstrated by a WordPress blog update. NOTE: this was originally reported as XSS. | ||||
| CVE-2007-5162 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2026-04-23 | N/A |
| The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. | ||||
| CVE-2007-5271 | 1 Trionic | 1 Cite Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php. | ||||
| CVE-2007-5917 | 1 Skalinks | 1 Skalinks | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters. | ||||
| CVE-2007-5163 | 1 Nexty | 1 Nexty | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request | ||||
| CVE-2007-5272 | 1 Furkan Tastan Blog | 1 Furkan Tastan Blog | 2026-04-23 | N/A |
| SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action. | ||||
| CVE-2007-5164 | 1 Universibo | 1 Universibo | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in htmls/forum/includes/topic_review.php in UniversiBO 1.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request | ||||
| CVE-2007-6233 | 1 Ftp Admin | 1 Ftp Admin | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | ||||
| CVE-2007-5165 | 1 Myipacng-stats | 1 Myipacng-stats | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by CVE because MINGS_BASE is defined before use | ||||
| CVE-2007-5166 | 1 Sitesys | 1 Sitesys | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) inc/pagehead.inc.php or (2) inc/pageinit.inc.php. | ||||
| CVE-2007-5167 | 1 Phplister | 1 Phplister | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nom_rep_systeme parameter. | ||||
| CVE-2007-6234 | 1 Ftp Admin | 1 Ftp Admin | 2026-04-23 | N/A |
| index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account. | ||||
| CVE-2007-5168 | 1 Clanlite | 1 Clanlite | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01.2005 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules/serveur_jeux.php or (2) conf/conf-php.php. NOTE: vector 1 is disputed by CVE because the require_once is only reached when a certain constant has already been defined. | ||||
| CVE-2007-5169 | 1 Adobe | 1 Pagemaker | 2026-04-23 | N/A |
| Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and 7.0.2 on Windows allows user-assisted remote attackers to execute arbitrary code via a long font name in a .PMD file. | ||||
| CVE-2007-5170 | 1 Sun | 2 Embedded Lights Out Manager, Sun Fire | 2026-04-23 | N/A |
| Unspecified vulnerability in the embedded service processor (SP) before 3.09 in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) allows remote attackers to send arbitrary network traffic and use ELOM as a spam proxy. | ||||
| CVE-2007-5176 | 1 Grouplink | 1 Ehelpdesk | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6419 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | ||||