Export limit exceeded: 347794 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3204 | 1 Jffnms | 1 Just For Fun Network Management System | 2026-04-23 | N/A |
| SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3208 | 1 Yabb | 1 Yabb | 2026-04-23 | N/A |
| CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code. | ||||
| CVE-2007-3209 | 1 Nongnu | 1 Mail Notification | 2026-04-23 | N/A |
| Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2007-3210 | 1 Cellosoft | 1 Cellosoft Tokens Object | 2026-04-23 | N/A |
| Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3211 | 1 Domain Technologie Control | 1 Domain Technologie Control | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3212 | 1 Beehive Forum | 1 Beehive Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than CVE-2005-4460. | ||||
| CVE-2007-3213 | 1 Sporum Forum | 1 Sporum Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters. | ||||
| CVE-2007-3219 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. | ||||
| CVE-2007-3220 | 1 Xoops | 1 Cjay Content Module | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656. | ||||
| CVE-2007-3222 | 1 Xoops | 1 Xfsection Module | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. | ||||
| CVE-2007-3223 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions. | ||||
| CVE-2007-3224 | 1 Sun | 2 Java System Directory Server, One Directory Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors. | ||||
| CVE-2007-3225 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors. | ||||
| CVE-2007-3226 | 1 Dotproject | 1 Dotproject | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240. | ||||
| CVE-2007-3231 | 1 Mecab | 1 Mecab | 2026-04-23 | N/A |
| Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors. | ||||
| CVE-2007-3232 | 1 Ibm | 1 Totalstorage Ds400 | 2026-04-23 | N/A |
| The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000. | ||||
| CVE-2007-3233 | 1 Tec-it | 1 Tbarcode Ocx | 2026-04-23 | N/A |
| The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method. | ||||
| CVE-2007-3234 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | ||||
| CVE-2007-3235 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection. | ||||
| CVE-2007-3236 | 1 Xoops | 1 Horoscope Module | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | ||||