Export limit exceeded: 29932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29932 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3620 | 1 Maia Mailguard | 1 Maia Mailguard | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) prevlang and (2) super parameters to (a) php/login.php; the (3) charset parameter to (a) php/login.php, (b) php/internal-init.php, and (c) php/xlogin.php; the (4) lang parameter to (b) php/internal-init.php; and the (5) language parameter to (c) php/xlogin.php. | ||||
| CVE-2007-2929 | 1 Lenovo | 2 Access Support, Automated Solutions | 2026-04-23 | N/A |
| The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code. | ||||
| CVE-2007-3202 | 1 Bruce Corkhill | 1 Web Wiz Rich Text Editor | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document. | ||||
| CVE-2007-2072 | 1 Ivan Gallery Script | 1 Ivan Gallery Script | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use | ||||
| CVE-2006-5893 | 1 Iwonder Designs | 1 Storystream | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/. | ||||
| CVE-2007-3203 | 1 Software602 | 1 602pro Lan Suite | 2026-04-23 | N/A |
| Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3439 | 1 Snom | 2 320 Sip Phone, Snom 320 Linux | 2026-04-23 | N/A |
| The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800. | ||||
| CVE-2007-1493 | 1 Nukescripts | 1 Nukesentinel | 2026-04-23 | N/A |
| nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172. | ||||
| CVE-2007-3628 | 1 Pear | 1 Structures Datagrid Datasource Mdb2 | 2026-04-23 | N/A |
| Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries." | ||||
| CVE-2007-2087 | 1 Cnstats | 1 Cnstats | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2932 | 1 Boastmachine | 1 Boastmachine | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action. | ||||
| CVE-2007-2092 | 1 Limesoft | 1 Limesoft Guestbook | 2026-04-23 | N/A |
| Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2933 | 1 Phil-a-form | 1 Phil-a-form | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter. | ||||
| CVE-2006-5894 | 1 Rama Cms | 1 Rama Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php. | ||||
| CVE-2007-3442 | 1 Research In Motion Limited | 1 Blackberry 7270 | 2026-04-23 | N/A |
| Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header. | ||||
| CVE-2007-1401 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function. | ||||
| CVE-2007-2095 | 1 Myspeach | 1 Myspeach | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498. | ||||
| CVE-2007-2925 | 1 Isc | 1 Bind | 2026-04-23 | N/A |
| The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache. | ||||
| CVE-2007-2935 | 1 Fundanemt | 1 Fundanemt | 2026-04-23 | N/A |
| core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter. | ||||
| CVE-2007-0288 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01. | ||||