Export limit exceeded: 351531 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351531 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6376 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-23 | N/A |
| Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6377 | 1 Badblue | 1 Badblue | 2026-04-23 | N/A |
| Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string. | ||||
| CVE-2007-6378 | 1 Badblue | 1 Badblue | 2026-04-23 | N/A |
| Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2007-6379 | 1 Badblue | 1 Badblue | 2026-04-23 | N/A |
| BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. | ||||
| CVE-2007-6380 | 1 E-xoops | 1 E-xoops | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266. | ||||
| CVE-2007-6382 | 1 Robocode | 1 Robocode | 2026-04-23 | N/A |
| The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method. | ||||
| CVE-2007-6396 | 1 Myupb | 1 Flat Php Board | 2026-04-23 | N/A |
| Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile. | ||||
| CVE-2007-6389 | 1 Gnome | 1 Screensaver | 2026-04-23 | N/A |
| The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. | ||||
| CVE-2007-6390 | 1 Serendipity | 1 Serendipity | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page. | ||||
| CVE-2007-6391 | 1 Sh-news | 1 Sh-news | 2026-04-23 | N/A |
| SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-6392 | 1 Dominion Web | 1 Dwdirectory | 2026-04-23 | N/A |
| SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI. | ||||
| CVE-2007-6393 | 1 Ace Image Hosting Script | 1 Ace Image Hosting Script | 2026-04-23 | N/A |
| SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode. | ||||
| CVE-2007-6394 | 1 P3mbo | 1 Content Injector | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action. | ||||
| CVE-2007-6395 | 1 Flat Php | 1 Board | 2026-04-23 | N/A |
| Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/. | ||||
| CVE-2007-6398 | 1 Flat Php | 1 Board | 2026-04-23 | N/A |
| Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie. | ||||
| CVE-2007-6399 | 1 Myupb | 1 Flat Php Board | 2026-04-23 | N/A |
| index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action. | ||||
| CVE-2007-6400 | 1 Poldoc | 1 Poldoc Document Management System | 2026-04-23 | N/A |
| Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter. | ||||
| CVE-2007-6401 | 2 3ivx, Microsoft | 2 Mpeg-4 Codec, Windows Media Player | 2026-04-23 | N/A |
| Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402. | ||||
| CVE-2007-6402 | 2 3ivx, Guliverkli | 2 Mpeg-4 Codec, Media Player Classic | 2026-04-23 | N/A |
| Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401. | ||||
| CVE-2007-6403 | 1 Winamp | 1 Nullsoft Winamp | 2026-04-23 | N/A |
| Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. NOTE: for exploitation, the victim must select a certain menu option at the time of the attack. | ||||