Search Results (362972 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2241 1 Isc 1 Bind 2026-04-23 N/A
Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
CVE-2007-2271 1 Rajneel Lal Totaram 1 Usp Foss Distribution 2026-04-23 N/A
Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter.
CVE-2008-3026 1 Oneclick Cms 1 Oneclick Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4459 1 Redmine 1 Redmine 2026-04-23 N/A
Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.
CVE-2007-2246 2 Hp, Sendmail 2 Hp-ux, Sendmail 2026-04-23 N/A
Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434.
CVE-2007-2249 1 Phorum 1 Phorum 2026-04-23 N/A
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
CVE-2009-4460 1 Ljscripts 1 Auto-surf Traffic Exchange Script 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf Traffic Exchange Script 1.1 allow remote attackers to inject arbitrary web script or HTML via the rid parameter to (1) index.php, (2) faq.php, and (3) register.php.
CVE-2007-2252 1 Exponent 1 Exponent Cms 2026-04-23 N/A
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.
CVE-2007-2253 1 Exponent 1 Exponent Cms 2026-04-23 N/A
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.
CVE-2008-3027 1 Vangogh Web Cms 1 Vangogh Web Cms 2026-04-23 N/A
SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php.
CVE-2007-2257 1 Fully Modded Phpbb 1 Fully Modded Phpbb2 2026-04-23 N/A
PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-2260 1 Bibtex 1 Mase 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.
CVE-2007-2262 1 Sinato 1 Jmuffin 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters. NOTE: this product was originally reported as "File117".
CVE-2007-2258 1 Phpmybibli 1 Phpmybibli 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
CVE-2007-2259 1 Esforum 1 Esforum 2026-04-23 N/A
SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter.
CVE-2007-2263 2 Realnetworks, Redhat 4 Realone Player, Realplayer, Realplayer Enterprise and 1 more 2026-04-23 N/A
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
CVE-2007-2268 1 Swsoft 1 Plesk 2026-04-23 N/A
Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.
CVE-2007-2269 1 Swsoft 1 Plesk 2026-04-23 N/A
Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter.
CVE-2008-3030 1 Efes Tech Shop 1 Efes Tech Shop 2026-04-23 N/A
SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action.
CVE-2007-2270 1 Linksys 1 Spa941 2026-04-23 N/A
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.