Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3824 1 Mehmet Zati Karahan 1 Mzk Blog 2026-04-23 N/A
SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter.
CVE-2007-3026 1 Panda 1 Adminsecure 2026-04-23 N/A
Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow.
CVE-2006-7061 1 Scriptsez.net 1 E-dating System 2026-04-23 N/A
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.
CVE-2007-1479 1 Creative Guestbook 1 Creative Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
CVE-2006-7068 1 Cliserv 1 Web Community 2026-04-23 N/A
PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3.
CVE-2007-3029 1 Microsoft 2 Excel, Office 2026-04-23 N/A
Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
CVE-2007-0658 1 Drupal 2 Drupal, Textimage 2026-04-23 N/A
The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.
CVE-2007-3059 1 Sendcard 1 Sendcard 2026-04-23 N/A
SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message.
CVE-2007-3840 1 Sitetrafficstats 1 Sitetrafficstats 2026-04-23 N/A
SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter.
CVE-2007-4007 1 Article Directory 1 Article Directory 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2007-3065 1 Particle Soft 1 Particle Gallery 2026-04-23 N/A
SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862.
CVE-2007-3844 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
CVE-2006-7137 1 Tiny Portal 1 Tiny Portal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox.
CVE-2007-0636 1 Inotify 1 Incron 2026-04-23 N/A
Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."
CVE-2006-7141 1 Oracle 1 Database Server 2026-04-23 N/A
Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability
CVE-2007-3076 1 Zenturi 1 Zenturi Programchecker 2026-04-23 N/A
A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function.
CVE-2007-3078 1 Aigaion 1 Aigaion 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php.
CVE-2007-3081 1 Comdev 1 Comdev Ecommerce 2026-04-23 N/A
PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
CVE-2007-3856 1 Oracle 2 Database Server, Oracle10g 2026-04-23 N/A
Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04.
CVE-2006-7164 3 Ibm, Linux, Unix 3 Websphere Application Server, Linux Kernel, Unix 2026-04-23 N/A
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.