Export limit exceeded: 363401 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2338 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter. | ||||
| CVE-2007-3397 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information. | ||||
| CVE-2007-2414 | 2 Microsoft, Myserver | 2 All Windows, Myserver | 2026-04-23 | N/A |
| MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2007-3396 | 1 Key Focus | 1 Kf Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter. | ||||
| CVE-2007-2961 | 1 Filecloset | 1 Filecloset | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. | ||||
| CVE-2007-3809 | 1 Prozilla | 1 Prozilla Directory Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | ||||
| CVE-2007-3555 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. | ||||
| CVE-2007-3384 | 1 Apache | 1 Tomcat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages. | ||||
| CVE-2007-1671 | 1 Avira | 1 Antivir Personal | 2026-04-23 | N/A |
| avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | ||||
| CVE-2007-1672 | 1 Avast | 1 Avast Antivirus | 2026-04-23 | N/A |
| avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | ||||
| CVE-2007-2417 | 2 Progress, Rsa | 4 Openedge, Progress, Ace Server and 1 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491. | ||||
| CVE-2007-2960 | 1 Scallywag.org | 1 Scallywag | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2959 | 1 Cpcommerce | 1 Cpcommerce | 2026-04-23 | N/A |
| SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. | ||||
| CVE-2007-2419 | 1 Macrovision | 2 Flexnet Connect, Update Service | 2026-04-23 | N/A |
| Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328. | ||||
| CVE-2007-3569 | 1 Softlink Europe | 1 Oliver Library Management System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on. | ||||
| CVE-2007-2958 | 2 Sylpheed, Sylpheed-claws | 2 Sylpheed, Sylpheed-claws | 2026-04-23 | N/A |
| Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies. | ||||
| CVE-2007-2420 | 1 Burak Yilmaz | 1 Burak Yilmaz Blog | 2026-04-23 | N/A |
| SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2941 | 1 Michael Brandon | 1 Vbgsitemap | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php. | ||||
| CVE-2007-3543 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. | ||||
| CVE-2007-1858 | 2 Apache, Redhat | 3 Tomcat, Network Satellite, Rhel Application Server | 2026-04-23 | N/A |
| The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. | ||||