Export limit exceeded: 366857 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2141 | 1 Shoutpro | 1 Shoutpro | 2026-04-23 | N/A |
| Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter. | ||||
| CVE-2007-2150 | 1 Bluearc | 1 Titan | 2026-04-23 | N/A |
| BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | ||||
| CVE-2007-2145 | 1 Minigal | 1 Minigal | 2026-04-23 | N/A |
| The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2146 | 1 Minigal | 1 Minigal | 2026-04-23 | N/A |
| The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2147 | 1 Stephen Craton | 1 Chatness | 2026-04-23 | N/A |
| admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests. | ||||
| CVE-2007-2149 | 1 Stephen Craton | 1 Chatness | 2026-04-23 | N/A |
| Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php. | ||||
| CVE-2007-2154 | 1 Cabron Connector | 1 Cabron Connector | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter. | ||||
| CVE-2007-2155 | 1 Phpfaber | 1 Topsites | 2026-04-23 | N/A |
| Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php. | ||||
| CVE-2007-2157 | 1 Zomplog | 1 Zomplog | 2026-04-23 | N/A |
| Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2007-2158 | 1 Kooijman-design | 1 Jgallery | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter. | ||||
| CVE-2007-2167 | 1 Aimstats | 1 Aimstats | 2026-04-23 | N/A |
| Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action. | ||||
| CVE-2007-2164 | 1 Kde | 1 Konqueror | 2026-04-23 | N/A |
| Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | ||||
| CVE-2007-2165 | 1 Proftpd Project | 1 Proftpd | 2026-04-23 | N/A |
| The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd. | ||||
| CVE-2007-2166 | 1 Opensurveypilot | 1 Opensurveypilot | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter. | ||||
| CVE-2007-2182 | 1 Maran | 1 Php Forum | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter. | ||||
| CVE-2007-2184 | 1 Jchit | 1 Counter | 2026-04-23 | N/A |
| Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter. | ||||
| CVE-2007-2187 | 1 Extremail | 1 Extremail | 2026-04-23 | N/A |
| Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926. | ||||
| CVE-2007-2189 | 1 Mx Smartor | 1 Full Album Pack | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-2190 | 1 Eba News | 1 Eba News | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. | ||||
| CVE-2007-2192 | 1 Antonio Da Cruz | 1 Photofiltre Studio | 2026-04-23 | N/A |
| Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file. | ||||