Export limit exceeded: 363288 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363288 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0804 1 Ggcms 1 Ggcms 2026-04-23 N/A
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
CVE-2007-0805 1 Hp 1 Tru64 2026-04-23 N/A
The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587.
CVE-2007-0807 1 Darrens 5-dollar Script Archive 1 Flashchat 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.
CVE-2008-4993 2 Redhat, Xen 2 Enterprise Linux, Xen 2026-04-23 N/A
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.
CVE-2007-0808 1 Mina Ajans 1 Mina Ajans Script 2026-04-23 N/A
PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script.
CVE-2007-0810 1 Geeklog 1 Geeklog 2026-04-23 N/A
PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog.
CVE-2007-0812 1 Woltlab 1 Burning Board Lite 2026-04-23 N/A
SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.
CVE-2007-0814 1 Adrenalin Labs 1 Adrenalins Asp Chat 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat.
CVE-2007-0815 1 Uapplication 1 Uphotogallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023.
CVE-2007-0824 1 Lightro 1 Lightro Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter.
CVE-2008-2896 1 Getfireant 1 Fireant 2026-04-23 N/A
Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2007-0827 1 Alibaba 1 Alipay Activex Control 2026-04-23 N/A
The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.
CVE-2007-0828 1 Mysqlnewsengine 1 Mysqlnewsengine 2026-04-23 N/A
PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter.
CVE-2007-0829 1 Alwil 1 Avast Antivirus 2026-04-23 N/A
avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.
CVE-2007-0831 1 Atsphp 1 Atsphp 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONF[path] parameter to (1) index.php, (2) sources/usercp.php, or (3) sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONF[path] is defined before use in index.php, that CONF[path] inclusion cannot occur through a direct request to other affected files, and that usercp.php is a typo of user_cp.php
CVE-2007-0834 1 Darrens 5-dollar Script Archive 1 Flashchat 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0835 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0836 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0837 1 Agermenu 1 Agermenu 2026-04-23 N/A
PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2007-0838 1 Freeproxy 1 Freeproxy 2026-04-23 N/A
FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself.