Export limit exceeded: 346175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346175 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0596 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter. | ||||
| CVE-2007-0597 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-23 | N/A |
| Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message. | ||||
| CVE-2007-0598 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. | ||||
| CVE-2007-1695 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly | ||||
| CVE-2007-0599 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-23 | N/A |
| Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays. | ||||
| CVE-2007-1696 | 1 Active Web Softwares | 1 Active Newsletter | 2026-04-23 | N/A |
| SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter. | ||||
| CVE-2007-0603 | 1 Pgp | 1 Corporate Desktop | 2026-04-23 | N/A |
| PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. | ||||
| CVE-2007-1697 | 1 Philex | 1 Philex | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter. | ||||
| CVE-2007-0604 | 1 Six Apart Ltd | 1 Movable Type | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. | ||||
| CVE-2007-1698 | 1 Philex | 1 Philex | 2026-04-23 | N/A |
| download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. | ||||
| CVE-2007-0605 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter. | ||||
| CVE-2007-1702 | 1 Mambo | 1 Flatmenu | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2007-0606 | 1 W-agora | 1 W-agora | 2026-04-23 | N/A |
| w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. | ||||
| CVE-2007-1704 | 1 Joomla | 1 Car Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0608 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2026-04-23 | N/A |
| Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path. | ||||
| CVE-2007-1705 | 1 Active Trade | 1 Active Trade | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-1706 | 1 Ewebquiz | 1 Ewebquiz | 2026-04-23 | N/A |
| SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter. | ||||
| CVE-2007-1709 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string. | ||||
| CVE-2007-1710 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence. | ||||
| CVE-2007-0609 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2026-04-23 | N/A |
| Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php. | ||||