Export limit exceeded: 352386 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352386 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5947 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Enterprise Linux and 1 more | 2026-04-23 | N/A |
| The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. | ||||
| CVE-2007-6260 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed. | ||||
| CVE-2007-5300 | 1 Wzdftpd | 1 Wzdftpd | 2026-04-23 | N/A |
| Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5301 | 1 Alsaplayer | 1 Alsaplayer | 2026-04-23 | N/A |
| Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments. | ||||
| CVE-2007-5302 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-5303 | 1 Snewscms | 1 Snewscms Rus | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter. | ||||
| CVE-2007-5304 | 1 Yannick Tanguy | 1 Else If Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to moduleajouter/depot/adminforum.php. | ||||
| CVE-2007-5305 | 1 Yannick Tanguy | 1 Else If Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files. | ||||
| CVE-2007-5306 | 1 Yannick Tanguy | 1 Else If Cms | 2026-04-23 | N/A |
| ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php. | ||||
| CVE-2007-5310 | 2 Joomla, Webmaster-tips.net | 2 Joomla, Flash Image Gallery | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2007-5948 | 1 Script-fun | 1 Sf-shoutbox | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters. | ||||
| CVE-2007-5311 | 1 Torrenttrader | 1 Torrenttrader | 2026-04-23 | N/A |
| Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter. | ||||
| CVE-2007-5312 | 1 Torrenttrader | 1 Torrenttrader | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php. | ||||
| CVE-2007-5313 | 1 Script-solution.de | 1 Picturesolution | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2007-5314 | 1 Xkiosk | 1 Xkiosk Web | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter. | ||||
| CVE-2007-5315 | 1 Softpedia | 1 Livealbum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter. | ||||
| CVE-2007-5949 | 1 Ibm | 1 Tivoli Service Desk | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action. | ||||
| CVE-2007-5316 | 1 Softbizscripts | 1 Softbiz Jobs And Recruitment Script | 2026-04-23 | N/A |
| SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2007-5950 | 1 Netcommons | 1 Netcommons | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165. | ||||
| CVE-2007-5318 | 1 Typolight | 1 Typolight Webcms | 2026-04-23 | N/A |
| Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 allows remote attackers to download arbitrary files via the src parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||