Export limit exceeded: 29844 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29844 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0905 | 2 Php, Trustix | 2 Php, Secure Linux | 2025-04-09 | N/A |
| PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. | ||||
| CVE-2007-1919 | 1 Arizona-dream | 1 Livre D Or Livor | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2007-3127 | 1 Ibm | 1 Websphere Portal | 2025-04-09 | N/A |
| content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. | ||||
| CVE-2007-4096 | 1 Tor | 1 Tor | 2025-04-09 | N/A |
| Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2007-3689 | 1 Drupal | 1 Print Module | 2025-04-09 | N/A |
| The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | ||||
| CVE-2007-1921 | 1 Nullsoft | 1 Winamp | 2025-04-09 | N/A |
| LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. | ||||
| CVE-2007-4094 | 1 Idevspot | 1 Phphostbot | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776. | ||||
| CVE-2007-0942 | 1 Microsoft | 6 Ie, Internet Explorer, Windows 2000 and 3 more | 2025-04-09 | N/A |
| Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. | ||||
| CVE-2007-4314 | 1 Pixlie | 1 Pixlie | 2025-04-09 | N/A |
| pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. NOTE: this can be leveraged for traffic amplification or other denial of service. | ||||
| CVE-2007-0944 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability." | ||||
| CVE-2007-3684 | 1 Masuga Design | 1 Unobtrusive Ajax Star Rating Bar | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php. | ||||
| CVE-2007-4312 | 1 Php Blue Dragon | 1 Php Blue Dragon Cms | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action. | ||||
| CVE-2007-3559 | 1 Php-fusion | 1 Php-fusion | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. | ||||
| CVE-2007-3556 | 1 Doubleflex | 1 Liesbeth Base Cms | 2025-04-09 | N/A |
| Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc. | ||||
| CVE-2007-1927 | 1 Youngzsoft | 1 Cmailserver | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. | ||||
| CVE-2006-3894 | 1 Dell | 2 Bsafe Cert-c, Bsafe Crypto-c | 2025-04-09 | N/A |
| The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects. | ||||
| CVE-2007-1933 | 1 Dreamcodes | 1 Pcp-guestbook | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php. | ||||
| CVE-2007-3683 | 1 Aigaion | 1 Aigaion | 2025-04-09 | N/A |
| SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter. | ||||
| CVE-2007-1976 | 1 Xoops | 1 Xoops Virii Info Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack | ||||
| CVE-2007-4310 | 1 Sun | 1 Sunos | 2025-04-09 | N/A |
| The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503. | ||||