Export limit exceeded: 362508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4108 1 Codewidgets 1 Online Event Registration Template 2026-04-23 N/A
SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2006-6284 1 Vikingboard 1 Vikingboard 2026-04-23 N/A
Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter.
CVE-2006-6285 1 Kai Blankenhorn Bitfolge 1 Simple And Nice Index File 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the externalConfig parameter. NOTE: CVE and other third parties dispute this vulnerability because $externalConfig is defined before use
CVE-2007-1985 1 Phpexplorator 1 Phpexplorator 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter.
CVE-2007-4115 1 Itcms 1 Itcms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.
CVE-2007-0651 1 Mailenable 1 Mailenable Professional 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
CVE-2007-1994 1 Hp 1 Hp-ux 2026-04-23 N/A
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.
CVE-2007-1998 1 Hiox India 1 Guest Book 2026-04-23 N/A
Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.
CVE-2007-2001 1 Crea-book 1 Crea-book 2026-04-23 N/A
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.
CVE-2007-2000 1 Raphael Limbach 1 Crea-book 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.
CVE-2007-2008 1 Pl-php 1 Pl-php 2026-04-23 N/A
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2007-2009 1 Simpcms 1 Simpcms 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
CVE-2007-2010 1 Bftpd 1 Bftpd 2026-04-23 N/A
Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.
CVE-2007-0652 1 Mailenable 1 Mailenable Professional 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
CVE-2007-2050 1 Ricargbook 1 Ricargbook 2026-04-23 N/A
Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter.
CVE-2007-2051 1 Bftpd 1 Bftpd 2026-04-23 N/A
Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.
CVE-2007-2057 1 Aircrack-ng 1 Airodump-ng 2026-04-23 N/A
Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.
CVE-2007-2061 1 Afterlogic 1 Mailbee Webmail 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2009-0220 1 Microsoft 1 Office Powerpoint 2026-04-23 N/A
Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
CVE-2007-2083 1 Zonelabs 1 Zonealarm 2026-04-23 N/A
vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.