Export limit exceeded: 363049 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363049 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363049 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363049 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1128 1 Watersweb Shops 1 Shop Kit Plus 2026-04-23 N/A
shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.
CVE-2007-1129 1 Mtcms 1 Mtcms 2026-04-23 N/A
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action.
CVE-2007-1130 1 Scipter.ch 1 Gastebuch 2026-04-23 N/A
PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
CVE-2007-1131 1 Scripter.ch 1 Sinapis Forum 2026-04-23 N/A
PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
CVE-2007-1132 1 Mtcms 1 Mtcms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.
CVE-2007-1133 1 Scripter.ch 1 Fcring 2026-04-23 N/A
PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.
CVE-2007-1134 1 Watchtower 1 Watchtower 2026-04-23 N/A
Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."
CVE-2007-1135 1 Sourceforge 1 Webmplayer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php.
CVE-2007-1137 1 Sourceforge 1 Putmail 2026-04-23 N/A
putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.
CVE-2007-1138 1 Cromosoft 1 Simple Plantilla Php 2026-04-23 N/A
Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.
CVE-2007-1139 1 Cromosoft 1 Simple Plantilla Php 2026-04-23 N/A
Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.
CVE-2007-1140 1 Barekoncept 1 Pheap 2026-04-23 N/A
Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2007-1141 1 Reamday Enterprises 1 Magic News Plus 2026-04-23 N/A
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.
CVE-2007-1142 1 Reamday Enterprises 1 Magic News Plus 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.
CVE-2007-1144 1 Comscripts 1 J-web Pics Navigator 2026-04-23 N/A
Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.
CVE-2008-2922 1 T0pp8uzz 1 Dana Irc Client 2026-04-23 N/A
Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message.
CVE-2009-4417 1 Zend 1 Framework 2026-04-23 N/A
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."
CVE-2007-1146 1 Delmaa.com 1 Arabhost 2026-04-23 N/A
PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
CVE-2007-1147 1 Hbm 1 Hbm 2026-04-23 N/A
PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter.
CVE-2007-1148 1 Lovecms 1 Lovecms 2026-04-23 N/A
PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.