Export limit exceeded: 351454 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1598 | 1 Intervations | 1 Filecopa | 2026-04-23 | N/A |
| Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2007-1597 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2026-04-23 | N/A |
| Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log. | ||||
| CVE-2007-1599 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | ||||
| CVE-2007-1600 | 1 Digital Eye Gallery | 1 Digital Eye Gallery | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. | ||||
| CVE-2007-1603 | 1 Weekly Drawing Contest | 1 Weekly Drawing Contest | 2026-04-23 | N/A |
| admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request. | ||||
| CVE-2007-1604 | 1 W-agora | 1 W-agora | 2026-04-23 | N/A |
| Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg. | ||||
| CVE-2007-1606 | 1 W-agora | 1 W-agora | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php. | ||||
| CVE-2007-1607 | 1 W-agora | 1 W-agora | 2026-04-23 | N/A |
| search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error. | ||||
| CVE-2007-1612 | 1 Katalog Plyt Audio | 1 Katalog Plyt Audio | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter. | ||||
| CVE-2007-1613 | 1 Mpm Chat | 1 Mpm Chat | 2026-04-23 | N/A |
| Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter. | ||||
| CVE-2007-1614 | 1 Zziplib | 1 Zziplib | 2026-04-23 | N/A |
| Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename. | ||||
| CVE-2007-1615 | 1 Scriptmagix | 1 Scriptmagix Jokes | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-1618 | 1 Scriptmagix | 1 Scriptmagix Faq Builder | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-1619 | 1 Scriptmagix | 1 Scriptmagix Photo Rating | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter. | ||||
| CVE-2007-1621 | 1 Lbstone | 1 Active Php Bookmark Notes | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254. | ||||
| CVE-2007-1629 | 1 Active Web Softwares | 1 Active Photo Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2009-1659 | 1 Intelliants | 1 Elitius | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/. | ||||
| CVE-2007-1625 | 1 Realguestbook | 1 Realguestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data. | ||||
| CVE-2007-1628 | 1 Studiewijzer | 1 Studiewijzer | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_display.inc.php, or (10) dash_browse.inc.php in methodology/traditional/ui/inc/; (11) spl.webservice.php or (12) konfabulator/gateway_admin.php in ws/; or other unspecified files. | ||||
| CVE-2007-1630 | 1 Active Web Softwares | 1 Active Link Engine | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||