Export limit exceeded: 363134 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363134 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363134 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6565 | 1 Blakord | 1 Blakord Portal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component. | ||||
| CVE-2007-6564 | 1 Limbo Cms | 1 Limbo Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter. | ||||
| CVE-2007-6547 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. | ||||
| CVE-2007-6546 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | ||||
| CVE-2007-6545 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php. | ||||
| CVE-2007-6544 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/. | ||||
| CVE-2007-6543 | 1 Esyndicat | 1 Esyndicat Link Exchange | 2026-04-23 | N/A |
| SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-6549 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." | ||||
| CVE-2007-6250 | 2 Aol, Microsoft | 2 Aolmediaplaybackcontrol, Ampx | 2026-04-23 | N/A |
| Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method. | ||||
| CVE-2007-6252 | 1 Learn2 | 1 Strunner | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Learn2 Corporation STRunner (aka Street Technologies) ActiveX control in iestm32.dll allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-6279 | 1 Flac | 1 Libflac | 2026-04-23 | N/A |
| Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. | ||||
| CVE-2007-6281 | 1 Stbernard | 1 Open File Manager | 2026-04-23 | N/A |
| Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request. | ||||
| CVE-2007-6282 | 1 Redhat | 3 Enterprise Linux, Enterprise Linux Desktop, Enterprise Mrg | 2026-04-23 | N/A |
| The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV. | ||||
| CVE-2007-6284 | 3 Debian, Mandrakesoft, Redhat | 5 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2026-04-23 | N/A |
| The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. | ||||
| CVE-2007-6286 | 1 Apache | 1 Tomcat | 2026-04-23 | N/A |
| Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request. | ||||
| CVE-2007-6287 | 1 Lxlabs | 1 Hypervm | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6288 | 1 Tecnick.com | 1 Tcexam | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-6290 | 1 Iptel | 1 Serweb | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters. | ||||
| CVE-2007-6291 | 1 Xigla | 1 Absolute Banner Manager.net | 2026-04-23 | N/A |
| SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter. | ||||
| CVE-2007-6292 | 1 Mwopen | 1 E-commerce | 2026-04-23 | N/A |
| SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||