Export limit exceeded: 363020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363020 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5318 1 Nayco 1 Jasmine 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter.
CVE-2007-6665 1 Netchemia 1 Oneschool 2026-04-23 N/A
SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter.
CVE-2007-6648 1 Sanybee Gallery 1 Sanybee Gallery 2026-04-23 N/A
Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
CVE-2007-6647 1 W-agora 1 W-agora 2026-04-23 N/A
SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-6642 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.
CVE-2007-6638 1 March Networks 1 3204 Dvr 2026-04-23 N/A
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
CVE-2007-6637 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.
CVE-2007-6636 1 Bitflu 1 Bitflu 2026-04-23 N/A
Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file.
CVE-2007-6635 1 Netbizcity 1 Faqmasterflexplus 2026-04-23 N/A
FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access.
CVE-2007-6630 1 Feng 1 Feng 2026-04-23 N/A
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request.
CVE-2007-6615 1 Agares Media 1 Phpautovideo 2026-04-23 N/A
Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter.
CVE-2007-6613 1 Gnu 1 Libcdio 2026-04-23 N/A
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name.
CVE-2007-6612 1 Mongrel 1 Mongrel 2026-04-23 N/A
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").
CVE-2007-6611 1 Mantis 1 Mantis 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
CVE-2007-6602 1 Noserub 1 Noserub 2026-04-23 N/A
SQL injection vulnerability in app/models/identity.php in NoseRub 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username field to the login script.
CVE-2007-6598 2 Dovecot, Redhat 2 Dovecot, Enterprise Linux 2026-04-23 N/A
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
CVE-2007-6597 1 Iportalx 1 Iportalx 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp.
CVE-2007-6596 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
CVE-2007-1183 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.
CVE-2007-6574 1 Dokeos 2 Open Source Learning And Knowledge Management, Open Source Learning And Knowledge Management Tool 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.