Export limit exceeded: 363318 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3191 1 Jffnms 1 Just For Fun Network Management System 2026-04-23 N/A
Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.
CVE-2007-3356 1 Scriptdevelopers.net 1 Netclassifieds 2026-04-23 N/A
NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) via certain requests that reveal the table name and complete query, related to the Halt_On_Error setting in Mysql_db.php.
CVE-2007-3250 1 Elxis 1 Elxis Cms 2026-04-23 N/A
SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. NOTE: the product was patched without updating the version number; later downloads of 2006.4 are not affected.
CVE-2007-2616 1 Novell 1 Netmail 2026-04-23 N/A
Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request.
CVE-2007-4312 1 Php Blue Dragon 1 Php Blue Dragon Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action.
CVE-2007-2782 1 Packeteer 1 Packetshaper 2026-04-23 N/A
Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption.
CVE-2007-3192 1 Jffnms 1 Just For Fun Network Management System 2026-04-23 N/A
admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request.
CVE-2007-3251 1 E-vision 1 E-vision Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php.
CVE-2007-3718 1 Apple 1 Safari 2026-04-23 N/A
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.
CVE-2007-3193 1 Phpwiki 1 Phpwiki 2026-04-23 N/A
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
CVE-2007-3252 1 Portalapp 1 Portalapp 2026-04-23 N/A
PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786.
CVE-2008-6660 1 Ozerov 1 Bigdump 2026-04-23 N/A
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information.
CVE-2007-3357 1 Scriptdevelopers.net 1 Netclassifieds 2026-04-23 N/A
NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors.
CVE-2007-3194 1 Mywebland 1 Mybloggie 2026-04-23 9.8 Critical
Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist
CVE-2007-4313 1 Php Blue Dragon 1 Php Blue Dragon Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958.
CVE-2007-3253 1 Astaro 1 Security Gateway 2026-04-23 N/A
Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session.
CVE-2007-2664 1 Tomasz Rekawek 1 Yet Another Asterisk Panel 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.
CVE-2007-2611 1 Cgx 1 Cgx 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/.
CVE-2007-2958 2 Sylpheed, Sylpheed-claws 2 Sylpheed, Sylpheed-claws 2026-04-23 N/A
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
CVE-2007-4314 1 Pixlie 1 Pixlie 2026-04-23 N/A
pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. NOTE: this can be leveraged for traffic amplification or other denial of service.