Export limit exceeded: 363150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363150 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6288 1 Tecnick.com 1 Tcexam 2026-04-23 N/A
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-6290 1 Iptel 1 Serweb 2026-04-23 N/A
Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters.
CVE-2007-6291 1 Xigla 1 Absolute Banner Manager.net 2026-04-23 N/A
SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter.
CVE-2007-6292 1 Mwopen 1 E-commerce 2026-04-23 N/A
SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6294 1 Ibm 1 Hardware Management Console 2026-04-23 N/A
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands."
CVE-2007-6295 1 Ibm 1 Lotus Sametime 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2007-6296 1 Phpmychat 1 Phpmychat 2026-04-23 N/A
PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.
CVE-2007-2462 1 Cisco 2 Adaptive Security Appliance Software, Pix 2026-04-23 N/A
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.
CVE-2007-3062 1 Hp 1 System Management Homepage 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3326 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2.
CVE-2007-1178 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.
CVE-2007-6319 1 Lyris 1 List Manager 2026-04-23 N/A
Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts."
CVE-2007-6320 1 Drupal 1 Feature Module 2026-04-23 N/A
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
CVE-2007-6337 2 Clam Anti-virus, Gentoo 2 Clamav, Linux 2026-04-23 N/A
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
CVE-2007-6338 1 Trivantis 1 Coursemill Enterprise Learning Management System 2026-04-23 N/A
SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information.
CVE-2007-6339 1 Akamai Technologies 1 Download Manager 2026-04-23 N/A
The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."
CVE-2007-1182 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.
CVE-2007-6342 1 David Castro 1 Apache Authcas 2026-04-23 N/A
SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
CVE-2007-6344 1 Mcms 1 Easy Web Make 2026-04-23 N/A
Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
CVE-2007-6345 1 Aurora 1 Aurora Framework 2026-04-23 N/A
SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.