Export limit exceeded: 346164 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346164 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4918 | 1 Gelatocms | 1 Gelatocms | 2026-04-23 | N/A |
| SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php. | ||||
| CVE-2007-4919 | 1 Jblog | 1 Jblog | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php. | ||||
| CVE-2007-2500 | 1 Gnu | 1 Flash Player | 2026-04-23 | N/A |
| server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. | ||||
| CVE-2007-2509 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2026-04-23 | N/A |
| CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. | ||||
| CVE-2007-4920 | 1 Php Webquest | 1 Php Webquest | 2026-04-23 | N/A |
| SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter. | ||||
| CVE-2007-2520 | 1 Frank Mancuso | 1 Mynews | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie. | ||||
| CVE-2007-4921 | 1 Ajax | 1 File Browser | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot parameter. | ||||
| CVE-2007-2521 | 1 E-gads | 1 E-gads | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter. | ||||
| CVE-2007-2522 | 1 Broadcom | 3 Antispyware For The Enterprise, Etrust Integrated Threat Management, Etrust Pestpatrol | 2026-04-23 | N/A |
| Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | ||||
| CVE-2007-2528 | 1 Trend Micro | 1 Serverprotect | 2026-04-23 | N/A |
| Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508. | ||||
| CVE-2007-4922 | 2 Jeuxflash, Kwsphp | 2 Jeuxflash Module, Kwsphp | 2026-04-23 | N/A |
| SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information. | ||||
| CVE-2007-4923 | 1 Joomla | 1 Joomla Radio | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | ||||
| CVE-2007-4925 | 1 Ewire | 1 Payment Client | 2026-04-23 | N/A |
| The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment Client (ePC) 1.60 and 1.70 allows remote attackers to execute arbitrary commands via shell metacharacters in the paymentinfo parameter to simplePHPLinux/3payment_receive.php. | ||||
| CVE-2006-5766 | 1 Article System | 1 Article System | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter. | ||||
| CVE-2006-6846 | 1 Cybercoded | 1 While You Were Out Inout Board | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp. | ||||
| CVE-2006-7025 | 1 Sangwan Kim | 1 Bookmark4u | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter. | ||||
| CVE-2007-2534 | 1 Phphoo3 | 1 Phphoo3 | 2026-04-23 | 9.8 Critical |
| Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use | ||||
| CVE-2007-4497 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. | ||||
| CVE-2007-2536 | 1 Picozip | 1 Picozip | 2026-04-23 | N/A |
| PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | ||||
| CVE-2007-2052 | 2 Python, Redhat | 3 Python, Enterprise Linux, Network Satellite | 2026-04-23 | N/A |
| Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. | ||||