Export limit exceeded: 29894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1286 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2025-04-09 | N/A |
| Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. | ||||
| CVE-2007-1287 | 1 Php | 1 Php | 2025-04-09 | N/A |
| A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. | ||||
| CVE-2007-1288 | 1 Webmobo | 1 Wbnews | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/. | ||||
| CVE-2007-1289 | 1 Tyger | 1 Bug Tracking System | 2025-04-09 | N/A |
| SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter. | ||||
| CVE-2007-1290 | 1 Tyger | 1 Bug Tracking System | 2025-04-09 | N/A |
| SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1291 | 1 Tyger | 1 Bug Tracking System | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php. | ||||
| CVE-2007-1292 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | N/A |
| SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." | ||||
| CVE-2007-1293 | 1 Rigter Portal System | 1 Rigter Portal System | 2025-04-09 | N/A |
| SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php. | ||||
| CVE-2007-1294 | 1 Divx | 1 Divx Web Player | 2025-04-09 | N/A |
| A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images. | ||||
| CVE-2007-1295 | 1 Aj Forum | 1 Aj Forum | 2025-04-09 | N/A |
| SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter. | ||||
| CVE-2007-1296 | 1 Aj Square | 1 Aj Classifieds | 2025-04-09 | N/A |
| SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter. | ||||
| CVE-2007-1297 | 1 Aj Square | 1 Ajdating | 2025-04-09 | N/A |
| SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | ||||
| CVE-2007-1298 | 1 Aj Square | 1 Ajauction | 2025-04-09 | N/A |
| SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | ||||
| CVE-2007-1299 | 1 Mani Stats Reader | 1 Mani Stats Reader | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter. | ||||
| CVE-2007-1300 | 1 Douran Software Technologies | 1 Isputil | 2025-04-09 | N/A |
| DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1301 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-09 | N/A |
| Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423. | ||||
| CVE-2007-1303 | 1 Rrdbrowse | 1 Rrdbrowse | 2025-04-09 | N/A |
| Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2007-1304 | 1 Savas Place | 1 Savas Guestbook | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters. | ||||
| CVE-2007-1305 | 1 Savas Place | 1 Savas Guestbook | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters. | ||||
| CVE-2007-1306 | 1 Digium | 1 Asterisk | 2025-04-09 | N/A |
| Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. | ||||