Export limit exceeded: 346183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346183 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1128 | 1 Watersweb Shops | 1 Shop Kit Plus | 2026-04-23 | N/A |
| shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages. | ||||
| CVE-2007-1129 | 1 Mtcms | 1 Mtcms | 2026-04-23 | N/A |
| Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action. | ||||
| CVE-2008-0462 | 1 Drupal | 2 Archive Module, Drupal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-1130 | 1 Scipter.ch | 1 Gastebuch | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | ||||
| CVE-2007-1134 | 1 Watchtower | 1 Watchtower | 2026-04-23 | N/A |
| Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts." | ||||
| CVE-2008-1615 | 2 Amd, Redhat | 4 Amd64, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2026-04-23 | N/A |
| Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. | ||||
| CVE-2007-1135 | 1 Sourceforge | 1 Webmplayer | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php. | ||||
| CVE-2008-6173 | 1 Clip-share | 1 Clipshare | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | ||||
| CVE-2007-1137 | 1 Sourceforge | 1 Putmail | 2026-04-23 | N/A |
| putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information. | ||||
| CVE-2008-6177 | 1 Publicwarehouse | 1 Lightblog | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2) username_post parameter to login.php, and the (3) Lightblog_username cookie parameter to check_user.php. | ||||
| CVE-2007-1138 | 1 Cromosoft | 1 Simple Plantilla Php | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter. | ||||
| CVE-2007-1139 | 1 Cromosoft | 1 Simple Plantilla Php | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension. | ||||
| CVE-2007-1140 | 1 Barekoncept | 1 Pheap | 2026-04-23 | N/A |
| Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2007-1141 | 1 Reamday Enterprises | 1 Magic News Plus | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723. | ||||
| CVE-2007-1142 | 1 Reamday Enterprises | 1 Magic News Plus | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php. | ||||
| CVE-2007-1143 | 1 Jeunes-webmasters | 1 J-web Pics Navigator | 2026-04-23 | N/A |
| Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | ||||
| CVE-2007-1144 | 1 Comscripts | 1 J-web Pics Navigator | 2026-04-23 | N/A |
| Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | ||||
| CVE-2007-1145 | 1 Kayako | 1 Esupport | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842. | ||||
| CVE-2007-1146 | 1 Delmaa.com | 1 Arabhost | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter. | ||||
| CVE-2007-1147 | 1 Hbm | 1 Hbm | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter. | ||||