Export limit exceeded: 34832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1839 | 1 Codebb | 1 Codebb | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) pass_code.php or (2) lang_select. | ||||
| CVE-2007-1840 | 1 Ldap Account Manager | 1 Ldap Account Manager | 2025-04-09 | N/A |
| lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS). | ||||
| CVE-2007-1845 | 1 Php Fusion | 1 Expanded Calendar Module | 2025-04-09 | N/A |
| SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter. | ||||
| CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2025-04-09 | N/A |
| SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2009-4041 | 1 Usebb | 1 Usebb | 2025-04-09 | N/A |
| UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of service (infinite loop) via crafted BBCode tags. | ||||
| CVE-2007-1848 | 1 Drake Team | 1 Drake Cms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | ||||
| CVE-2007-1852 | 1 Ben3w | 1 2bgal | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has been disputed by CVE, since the lang_filename variable is defined before it is used | ||||
| CVE-2007-1853 | 1 Hitachi | 5 Jp1-hicommand Device Manager, Jp1-hicommand Global Link Availability Manager, Jp1-hicommand Replication Monitor and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors. | ||||
| CVE-2006-3867 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-09 | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875. | ||||
| CVE-2007-2721 | 2 Jasper Jpeg-2000, Redhat | 2 Jasper Jpeg-2000, Enterprise Linux | 2025-04-09 | N/A |
| The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. | ||||
| CVE-2007-2726 | 1 Bitscast | 1 Bitscast | 2025-04-09 | N/A |
| BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns. | ||||
| CVE-2007-2727 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. | ||||
| CVE-2007-2739 | 1 Xajax | 1 Xajax | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-2743 | 1 Glossword | 1 Glossword | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter. | ||||
| CVE-2007-2751 | 1 Phpglossar | 1 Phpglossar | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php. | ||||
| CVE-2007-2752 | 1 Runawaysoft | 1 Haber Portal | 2025-04-09 | N/A |
| SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2757 | 1 Dean J Robinson | 1 Redoable | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php. | ||||
| CVE-2007-2758 | 1 Winimage | 1 Winimage | 2025-04-09 | N/A |
| Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal. | ||||
| CVE-2007-2759 | 1 Adempiere | 1 Adempiere | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2760 | 1 Adempiere | 1 Adempiere | 2025-04-09 | N/A |
| The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information. | ||||