Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3051 1 Revokesoft 1 Revokebb 2026-04-23 N/A
SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.
CVE-2007-0303 1 Pancake.org 1 Zina 2026-04-23 N/A
Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."
CVE-2007-2267 1 Sun 1 Cluster 2026-04-23 N/A
Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1.
CVE-2007-2268 1 Swsoft 1 Plesk 2026-04-23 N/A
Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.
CVE-2007-2272 1 Advanced Webhost Billing System 1 Advanced Webhost Billing System 2026-04-23 N/A
PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.php in Advanced Webhost Billing System (AWBS) 2.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the workdir parameter.
CVE-2007-2077 1 Maian 1 Search 2026-04-23 N/A
PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem."
CVE-2006-5524 1 Phplist 1 Phplist 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321.
CVE-2007-1756 1 Microsoft 3 Excel, Excel Viewer, Office 2026-04-23 N/A
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
CVE-2007-3082 1 Sendcard 1 Sendcard 2026-04-23 N/A
Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter.
CVE-2007-3084 1 Comdev 1 Comdev Web Blogger 2026-04-23 N/A
PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441.
CVE-2007-2298 1 Gforge 1 Garennes 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/.
CVE-2007-2301 1 Arash 1 Audiocms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/.
CVE-2007-2469 1 Filerun 1 Filerun 2026-04-23 N/A
SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.
CVE-2007-2310 1 Bloofoxcms 1 Bloofoxcms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter.
CVE-2007-2327 1 Labs4 1 Htmleditbox 2026-04-23 N/A
PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter.
CVE-2007-2317 2 Minibb, Tosmo Mambo 2 Minibb, Tosmo Mambo 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.
CVE-2007-1040 1 Xpression News 1 Xpression News 2026-04-23 N/A
Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.
CVE-2007-0550 1 212cafe 1 212cafeboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.
CVE-2007-2350 1 Freepbx 1 Freepbx 2026-04-23 N/A
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.
CVE-2007-2392 1 Apple 2 Mac Os X, Quicktime 2026-04-23 N/A
Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.