Export limit exceeded: 345507 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3433 | 1 Netart Media | 1 Pharmacy System | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action. | ||||
| CVE-2007-3431 | 1 Valerio Capello | 1 Dagger - The Cutting Edge | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter. | ||||
| CVE-2007-3430 | 1 Simple Invoices | 1 Simple Invoices | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action. | ||||
| CVE-2007-3429 | 1 E107 | 1 E107 | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg. | ||||
| CVE-2007-3428 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076. | ||||
| CVE-2007-3427 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action. | ||||
| CVE-2007-3426 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | ||||
| CVE-2007-3425 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2. | ||||
| CVE-2007-3424 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3423 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3422 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3421 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3420 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3419 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3418 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users. | ||||
| CVE-2007-3417 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function. | ||||
| CVE-2007-3415 | 1 Phpraider | 1 Phpraider | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter. | ||||
| CVE-2007-3414 | 1 Access2asp | 1 Access2asp | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp. | ||||
| CVE-2007-3413 | 1 Bitego | 1 Bosdatagrid | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component. | ||||
| CVE-2007-3412 | 1 Clicktech | 1 Clickgallery | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. | ||||