Export limit exceeded: 16741 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336280 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1618 | 1 Scriptmagix | 1 Scriptmagix Faq Builder | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-1620 | 1 Php Db Designer | 1 Php Db Designer | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php. | ||||
| CVE-2007-1621 | 1 Lbstone | 1 Active Php Bookmark Notes | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254. | ||||
| CVE-2007-1624 | 1 Realguestbook | 1 Realguestbook | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1626 | 1 Php-nuke | 1 Iframe Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2007-1629 | 1 Active Web Softwares | 1 Active Photo Gallery | 2025-04-09 | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-1633 | 1 Giorgio Ciranni | 1 Splatt Forum | 2025-04-09 | N/A |
| Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php. | ||||
| CVE-2007-1641 | 1 Portailphp | 1 Portailphp | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter. | ||||
| CVE-2007-1653 | 1 Glowworm | 1 Glowworm | 2025-04-09 | N/A |
| GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial of service (kernel panic) via certain DNS responses that trigger infinite recursion in TrueDNS packet parsing, as originally observed with certain login.yahoo.com responses. | ||||
| CVE-2007-1708 | 1 Ttcms | 1 Ttforum | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter. | ||||
| CVE-2007-2247 | 1 Phpmyspace | 1 Phpmyspace | 2025-04-09 | N/A |
| SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | ||||
| CVE-2007-2250 | 1 Phorum | 1 Phorum | 2025-04-09 | N/A |
| admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter. | ||||
| CVE-2007-2251 | 1 Xaraya | 1 Xaraya | 2025-04-09 | N/A |
| Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd. | ||||
| CVE-2007-2255 | 1 Alexscriptengine | 1 Download-engine | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW. | ||||
| CVE-2007-2256 | 1 Tjschat | 1 Tjschat | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | ||||
| CVE-2007-2257 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb2 | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-2258 | 1 Phpmybibli | 1 Phpmybibli | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | ||||
| CVE-2007-2259 | 1 Esforum | 1 Esforum | 2025-04-09 | N/A |
| SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter. | ||||
| CVE-2007-2261 | 1 Realink | 1 C-arbre | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721. | ||||
| CVE-2007-2265 | 1 Phpee | 1 Ya Book | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php. | ||||