Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1617 1 Scriptmagix 1 Scriptmagix Recipes 2026-04-23 N/A
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1618 1 Scriptmagix 1 Scriptmagix Faq Builder 2026-04-23 N/A
SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1619 1 Scriptmagix 1 Scriptmagix Photo Rating 2026-04-23 N/A
SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.
CVE-2007-1620 1 Php Db Designer 1 Php Db Designer 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php.
CVE-2007-1621 1 Lbstone 1 Active Php Bookmark Notes 2026-04-23 N/A
PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254.
CVE-2007-1622 1 Wordpress 1 Wordpress 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
CVE-2007-1623 1 Realguestbook 1 Realguestbook 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php; and possibly unspecified other parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1624 1 Realguestbook 1 Realguestbook 2026-04-23 N/A
Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1625 1 Realguestbook 1 Realguestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data.
CVE-2007-1626 1 Php-nuke 1 Iframe Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-1628 1 Studiewijzer 1 Studiewijzer 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_display.inc.php, or (10) dash_browse.inc.php in methodology/traditional/ui/inc/; (11) spl.webservice.php or (12) konfabulator/gateway_admin.php in ws/; or other unspecified files.
CVE-2007-1632 1 Typolight 1 Typolight Webcms 2026-04-23 N/A
Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has unknown impact and attack vectors related to a "major security hole."
CVE-2007-1633 1 Giorgio Ciranni 1 Splatt Forum 2026-04-23 N/A
Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
CVE-2007-1634 1 Net Portal Dynamic System 1 Net Portal Dynamic System 2026-04-23 N/A
Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.
CVE-2007-1642 1 Manageengine 1 Firewall Analyzer 2026-04-23 N/A
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.
CVE-2007-1644 1 Microsoft 1 All Windows 2026-04-23 N/A
The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).
CVE-2007-1645 2 Futuresoft, Microsoft 2 Tftp Server 2000, Windows 2000 2026-04-23 N/A
Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
CVE-2007-1646 1 Subhub 1 Subhub 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe.
CVE-2007-1647 1 Moodle 1 Moodle 2026-04-23 N/A
Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.
CVE-2007-1648 1 Dev0.de 1 0irc 2026-04-23 N/A
0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference.