Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3591 1 Elite Bulletin Board 1 Elite Bulletin Board 2026-04-23 N/A
Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks.
CVE-2007-0177 1 Mediawiki 1 Mediawiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0179 1 Phpkit 1 Phpkit 2026-04-23 N/A
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.
CVE-2007-0180 1 Ef Software 1 Ef Commander 2026-04-23 N/A
Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow.
CVE-2007-0183 1 Sun 1 Iplanet Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4482 1 Wordpress 1 Pool 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
CVE-2007-0191 1 Mkportal 1 Mkportal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.
CVE-2007-0938 1 Microsoft 1 Content Management Server 2026-04-23 N/A
Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
CVE-2007-1657 1 Python Software Foundation 1 Python 2026-04-23 N/A
Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.
CVE-2007-0201 1 Tis 1 Internet Firewall Toolkit 2026-04-23 N/A
Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).
CVE-2007-0973 1 Jupiter Cms 1 Jupiter Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action.
CVE-2006-5217 1 Emek Portal 1 Emek Portal 2026-04-23 N/A
SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp, also known as the Kullanici Adi (k_a) and Sifre (sifre) parameters.
CVE-2006-6413 1 Amateras 1 Amateras Sns 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0532 1 Tuan Do 1 Uploader 2026-04-23 N/A
Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt.
CVE-2007-0239 2 Openoffice, Redhat 2 Openoffice, Enterprise Linux 2026-04-23 N/A
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
CVE-2007-4638 1 Blizzard Entertainment 1 Starcraft Brood War 2026-04-23 N/A
Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed map, which triggers an out-of-bounds read during a minimap preview.
CVE-2006-5739 1 Leicestershire 1 Communityportals 2026-04-23 N/A
PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280.
CVE-2007-4481 1 Wordpress 1 Blix 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
CVE-2007-4354 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
CVE-2006-5925 3 Elinks, Links, Redhat 3 Elinks, Links, Enterprise Linux 2026-04-23 N/A
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.