Export limit exceeded: 363261 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363261 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363261 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3687 1 Infernotechnologies 1 Rpg Inferno 2026-04-23 N/A
SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.
CVE-2007-3689 1 Drupal 1 Print Module 2026-04-23 N/A
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
CVE-2007-3690 1 Drupal 1 Forward Module 2026-04-23 N/A
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
CVE-2007-3691 1 Av Scripts 1 Av Tutorial Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.
CVE-2007-3693 1 Gobi And Helma 1 Gobi 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.
CVE-2007-3694 1 Getmiro 1 Broadcast Machine 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2007-3695 1 Broadcom 1 Erwin Process Modeler 2026-04-23 N/A
Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.
CVE-2007-3696 1 Broadcom 1 Erwin Data Model Validator 2026-04-23 N/A
CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference.
CVE-2007-3697 1 Tufat 1 Flashbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
CVE-2007-3701 2 3com, Tippingpoint 2 Tippingpoint Ips Tos, Tipping Point 2026-04-23 N/A
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.
CVE-2007-3702 1 Mail Machine 1 Mail Machine 2026-04-23 N/A
Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.
CVE-2007-3703 1 Zenturi 1 Zenturi Programchecker 2026-04-23 N/A
Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987.
CVE-2007-3704 1 Entertainment Cms 1 Entertainment Cms 2026-04-23 N/A
Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator."
CVE-2007-3705 1 Fusetalk 1 Fusetalk 2026-04-23 N/A
SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm.
CVE-2007-3706 1 Codeigniter 1 Codeigniter 2026-04-23 N/A
The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.
CVE-2007-3707 1 Codeigniter 1 Codeigniter 2026-04-23 N/A
Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
CVE-2007-3709 1 Codeigniter 1 Codeigniter 2026-04-23 N/A
CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header.
CVE-2007-3710 1 Php Comet-server 1 Php Comet-server 2026-04-23 N/A
PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter.
CVE-2007-3711 1 3com 1 Tippingpoint Ips Tos 2026-04-23 N/A
Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.
CVE-2007-3712 1 Hiddenchest 1 Yb Ve Bayi Babvuru Formu 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ve Bayi Basvuru Formu" (Yb ve Bayi Babvuru Formu) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.