Export limit exceeded: 347026 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347026 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347026 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2527 | 1 Dynamicpad | 1 Dynamicpad | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php. | ||||
| CVE-2007-2544 | 1 Php Toptree Bbs | 1 Php Toptree Bbs | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter. | ||||
| CVE-2007-2552 | 1 Wikkawiki | 1 Wikkawiki | 2026-04-23 | N/A |
| The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds. | ||||
| CVE-2007-2558 | 1 Netsliver | 1 Pfa Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use | ||||
| CVE-2007-2561 | 1 Fipsasp | 1 Fipscms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115. | ||||
| CVE-2007-2570 | 1 Guilain Omont | 1 Wikivi5 | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter. | ||||
| CVE-2007-2577 | 1 Acp3 | 1 Acp3 | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to execute arbitrary SQL commands via (1) the mode parameter to feeds.php, the (2) form[cat] parameter to (a) news/list/index.php or (b) certain news/details/id_*/action_create/index.php files, or (3) the form[mods][] parameter to search/list/action_search/index.php. | ||||
| CVE-2007-2587 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244). | ||||
| CVE-2007-2590 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2026-04-23 | N/A |
| Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp. | ||||
| CVE-2007-2594 | 1 Phpmyportal | 1 Phpmyportal | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter. | ||||
| CVE-2007-2610 | 1 Openld | 1 Openld | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature, possibly the term parameter. | ||||
| CVE-2007-2618 | 1 Drake Team | 1 Drake Cms | 2026-04-23 | N/A |
| CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | ||||
| CVE-2007-2371 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2026-04-23 | N/A |
| admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action. | ||||
| CVE-2007-2535 | 1 Winace | 1 Winace | 2026-04-23 | N/A |
| WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | ||||
| CVE-2007-2346 | 1 Php-generics | 1 Php-generics | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 beta allow remote attackers to execute arbitrary PHP code via a URL in the _APP_RELATIVE_PATH parameter to (1) include.php, (2) dbcommon/include.php, and (3) exception/include.php. | ||||
| CVE-2007-2338 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter. | ||||
| CVE-2007-2337 | 1 Oicgroup | 1 Exponent Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. | ||||
| CVE-2007-2332 | 1 Nortel | 8 Vpn Router 1010, Vpn Router 1050, Vpn Router 1100 and 5 more | 2026-04-23 | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. | ||||
| CVE-2007-0201 | 1 Tis | 1 Internet Firewall Toolkit | 2026-04-23 | N/A |
| Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest). | ||||
| CVE-2007-0209 | 1 Microsoft | 2 Office, Works | 2026-04-23 | N/A |
| Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. | ||||