Export limit exceeded: 349366 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349366 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349366 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1397 | 1 Fish | 1 Fish | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | ||||
| CVE-2007-1941 | 1 Ibm | 1 Lotus Notes | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843. | ||||
| CVE-2007-1949 | 1 Webblizzard | 1 Content Management System | 2026-04-23 | N/A |
| Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||
| CVE-2007-1957 | 1 Guernion Sylvain Portail | 1 Web Php | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/. | ||||
| CVE-2007-4345 | 1 Ipswitch | 2 Imail Client, Imail Server | 2026-04-23 | N/A |
| Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message. | ||||
| CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | ||||
| CVE-2007-1963 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2026-04-23 | N/A |
| SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. | ||||
| CVE-2007-1964 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2026-04-23 | N/A |
| member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output. | ||||
| CVE-2007-1965 | 1 Exv2 | 1 Content Management System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php. | ||||
| CVE-2007-1967 | 1 Stat12 | 1 Stat12 | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This is probably an invalid report based on analysis by CVE and a third party | ||||
| CVE-2007-1970 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks. | ||||
| CVE-2007-3963 | 1 Usebb | 1 Usebb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193. | ||||
| CVE-2007-3988 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2026-04-23 | N/A |
| Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2007-6258 | 2 Apache, F5 | 2 Mod Jk, Big-ip | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. | ||||
| CVE-2007-6313 | 1 Mysql | 1 Mysql Community Server | 2026-04-23 | N/A |
| MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. | ||||
| CVE-2007-6553 | 1 George Lewe | 1 Teamcal Pro | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845. | ||||
| CVE-2007-6555 | 1 Phil Taylor | 1 Mosdirectory | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. | ||||
| CVE-2007-6568 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. | ||||
| CVE-2007-6585 | 1 Nmnnewsletter | 1 Nmnnewsletter | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter. | ||||
| CVE-2008-2477 | 1 Mx-system | 1 Mxbb Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||