Export limit exceeded: 361611 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361611 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0490 | 1 Open-realty | 1 Open-realty | 2026-04-23 | N/A |
| index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action. | ||||
| CVE-2007-0507 | 1 Drupal | 1 Acidfree | 2026-04-23 | N/A |
| SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. | ||||
| CVE-2007-3708 | 1 Codeigniter | 1 Codeigniter | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function. | ||||
| CVE-2007-0513 | 1 Hitachi | 5 Hirdb Datareplicator, Hirdb Parallel Server, Hirdb Single Server and 2 more | 2026-04-23 | N/A |
| Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data. | ||||
| CVE-2007-3716 | 1 Sun | 2 Jdk, Jre | 2026-04-23 | N/A |
| The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715. | ||||
| CVE-2007-0520 | 1 Unique Ads | 1 Unique Ads | 2026-04-23 | N/A |
| SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter. | ||||
| CVE-2007-4832 | 1 Immersion Games | 1 Cellfactor Revolution | 2026-04-23 | N/A |
| Format string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname. | ||||
| CVE-2007-0536 | 1 Rpath | 1 Rpath Linux | 2026-04-23 | N/A |
| The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | ||||
| CVE-2007-0557 | 1 Rmake | 1 Rmake | 2026-04-23 | N/A |
| rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536. | ||||
| CVE-2007-0559 | 1 Rp World | 1 Rp World | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter. | ||||
| CVE-2007-0560 | 1 Asp Edge | 1 Asp Edge | 2026-04-23 | N/A |
| SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | ||||
| CVE-2007-0571 | 1 Phpmyreports | 1 Phpmyreports | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter. | ||||
| CVE-2007-3736 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed. | ||||
| CVE-2007-0580 | 1 Javier Suarez Sanz | 1 Foro Domus | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter. | ||||
| CVE-2007-0581 | 1 Eclipsebb | 1 Eclipsebb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-0590 | 1 Forum Livre | 1 Forum Livre | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter. | ||||
| CVE-2007-0591 | 1 Vu Le An | 1 Virtual Path | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-0592 | 1 Indexcor | 1 Ezdatabase | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database. | ||||
| CVE-2008-1125 | 1 Podcast Generator | 1 Podcast Generator | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php. | ||||
| CVE-2007-0606 | 1 W-agora | 1 W-agora | 2026-04-23 | N/A |
| w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. | ||||