Export limit exceeded: 367101 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367101 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3364 1 Myserver 1 Myserver 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content.
CVE-2007-3538 1 Qt-cute 1 Quicktalk Guestbook 2026-04-23 N/A
SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3687 1 Infernotechnologies 1 Rpg Inferno 2026-04-23 N/A
SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.
CVE-2007-1326 1 Serendipity 1 Serendipity 2026-04-23 N/A
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.
CVE-2007-2529 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.
CVE-2007-3096 1 Pblang 1 Pblang 2026-04-23 N/A
Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2007-3543 1 Wordpress 2 Wordpress, Wordpress Mu 2026-04-23 N/A
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
CVE-2007-1337 1 Vmware 1 Workstation 2026-04-23 N/A
The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.
CVE-2007-2530 1 Tropicalm 1 Tropicalm Crowell Resource 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php.
CVE-2007-3097 1 F5 1 Firepass 4100 2026-04-23 N/A
my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter.
CVE-2007-3366 1 Cpanel 1 Cpanel 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3544 1 Wordpress 2 Wordpress, Wordpress Mu 2026-04-23 N/A
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
CVE-2007-3689 1 Drupal 1 Print Module 2026-04-23 N/A
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
CVE-2007-2531 1 Berylium 1 Berylium2 2026-04-23 N/A
PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter.
CVE-2007-3098 1 Castle Rock Computing 1 Snmpc 2026-04-23 N/A
The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP.
CVE-2007-3551 1 Bbs100 1 Bbs100 2026-04-23 N/A
Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already logged in, possibly related to the state_login_prompt function in state_login.c.
CVE-2007-3690 1 Drupal 1 Forward Module 2026-04-23 N/A
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
CVE-2007-1342 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
CVE-2007-3552 1 Bbs100 1 Bbs100 2026-04-23 N/A
Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. NOTE: some details were obtained from third party information.
CVE-2007-3692 1 Kddi 1 Ezfactory Download Cgi 2026-04-23 N/A
Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter.