Export limit exceeded: 350440 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350440 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6719 | 1 Gnu | 1 Wget | 2026-04-23 | N/A |
| The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | ||||
| CVE-2006-6720 | 1 Azucar Cms | 1 Azucar Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter. | ||||
| CVE-2007-1397 | 1 Fish | 1 Fish | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | ||||
| CVE-2007-1941 | 1 Ibm | 1 Lotus Notes | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843. | ||||
| CVE-2007-1949 | 1 Webblizzard | 1 Content Management System | 2026-04-23 | N/A |
| Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||
| CVE-2007-1957 | 1 Guernion Sylvain Portail | 1 Web Php | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/. | ||||
| CVE-2007-4345 | 1 Ipswitch | 2 Imail Client, Imail Server | 2026-04-23 | N/A |
| Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message. | ||||
| CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | ||||
| CVE-2007-1963 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2026-04-23 | N/A |
| SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. | ||||
| CVE-2007-1964 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2026-04-23 | N/A |
| member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output. | ||||
| CVE-2007-1965 | 1 Exv2 | 1 Content Management System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php. | ||||
| CVE-2007-1967 | 1 Stat12 | 1 Stat12 | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This is probably an invalid report based on analysis by CVE and a third party | ||||
| CVE-2007-1970 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks. | ||||
| CVE-2007-3963 | 1 Usebb | 1 Usebb | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193. | ||||
| CVE-2007-3988 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2026-04-23 | N/A |
| Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2007-6258 | 2 Apache, F5 | 2 Mod Jk, Big-ip | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. | ||||
| CVE-2007-6313 | 1 Mysql | 1 Mysql Community Server | 2026-04-23 | N/A |
| MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. | ||||
| CVE-2007-6553 | 1 George Lewe | 1 Teamcal Pro | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845. | ||||
| CVE-2007-6555 | 1 Phil Taylor | 1 Mosdirectory | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. | ||||
| CVE-2007-6568 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. | ||||