Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3824 | 1 Mehmet Zati Karahan | 1 Mzk Blog | 2026-04-23 | N/A |
| SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. | ||||
| CVE-2007-3026 | 1 Panda | 1 Adminsecure | 2026-04-23 | N/A |
| Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. | ||||
| CVE-2006-7061 | 1 Scriptsez.net | 1 E-dating System | 2026-04-23 | N/A |
| Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks. | ||||
| CVE-2007-1479 | 1 Creative Guestbook | 1 Creative Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | ||||
| CVE-2006-7068 | 1 Cliserv | 1 Web Community | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3. | ||||
| CVE-2007-3029 | 1 Microsoft | 2 Excel, Office | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption. | ||||
| CVE-2007-0658 | 1 Drupal | 2 Drupal, Textimage | 2026-04-23 | N/A |
| The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION. | ||||
| CVE-2007-3059 | 1 Sendcard | 1 Sendcard | 2026-04-23 | N/A |
| SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message. | ||||
| CVE-2007-3840 | 1 Sitetrafficstats | 1 Sitetrafficstats | 2026-04-23 | N/A |
| SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter. | ||||
| CVE-2007-4007 | 1 Article Directory | 1 Article Directory | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2007-3065 | 1 Particle Soft | 1 Particle Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862. | ||||
| CVE-2007-3844 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. | ||||
| CVE-2006-7137 | 1 Tiny Portal | 1 Tiny Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox. | ||||
| CVE-2007-0636 | 1 Inotify | 1 Incron | 2026-04-23 | N/A |
| Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files." | ||||
| CVE-2006-7141 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability | ||||
| CVE-2007-3076 | 1 Zenturi | 1 Zenturi Programchecker | 2026-04-23 | N/A |
| A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function. | ||||
| CVE-2007-3078 | 1 Aigaion | 1 Aigaion | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php. | ||||
| CVE-2007-3081 | 1 Comdev | 1 Comdev Ecommerce | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | ||||
| CVE-2007-3856 | 1 Oracle | 2 Database Server, Oracle10g | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04. | ||||
| CVE-2006-7164 | 3 Ibm, Linux, Unix | 3 Websphere Application Server, Linux Kernel, Unix | 2026-04-23 | N/A |
| SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. | ||||