Export limit exceeded: 356530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356530 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2624 | 1 Aiocp | 1 Aiocp | 2026-04-23 | N/A |
| Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2625 | 1 Aiocp | 1 Aiocp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2628 | 1 Justin Koivisto | 1 Phpsecurityadmin | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter. | ||||
| CVE-2007-2632 | 1 Php Multi User Randomizer | 1 Php Multi User Randomizer | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[]. | ||||
| CVE-2007-2626 | 1 Free Php Scripts | 1 Schoolboard | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries | ||||
| CVE-2007-2627 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622. | ||||
| CVE-2007-2629 | 1 Bradford Networks | 1 Campusmanager Network Control Application Server | 2026-04-23 | N/A |
| Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/. | ||||
| CVE-2007-2630 | 1 Activecampaign | 1 1-2-all Broadcast Email | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html. | ||||
| CVE-2007-2633 | 1 Positive Software | 1 Sitestudio | 2026-04-23 | N/A |
| Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter. | ||||
| CVE-2007-2634 | 1 Agner Fog | 1 Aforum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2639 | 1 Prosysinfo | 1 Tftp Server Tftpdwin | 2026-04-23 | N/A |
| Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors. | ||||
| CVE-2007-2640 | 1 Heiko Stamer | 1 Libtmcg | 2026-04-23 | N/A |
| LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards. | ||||
| CVE-2007-2642 | 1 R2k | 1 R2k Gallery | 2026-04-23 | N/A |
| Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter. | ||||
| CVE-2007-2637 | 2 Moinmoin, Ubuntu | 2 Moinmoin, Ubuntu Linux | 2026-04-23 | N/A |
| MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors. | ||||
| CVE-2007-2638 | 1 Efilecabinet | 1 Efilecabinet | 2026-04-23 | N/A |
| eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures. | ||||
| CVE-2007-2641 | 1 W1l3d4 | 1 Philboard | 2026-04-23 | N/A |
| SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter, a different vector than CVE-2007-0920. | ||||
| CVE-2007-2644 | 1 Morovia | 1 Barcode Activex Control | 2026-04-23 | N/A |
| A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename. | ||||
| CVE-2007-2645 | 1 Libexif | 1 Libexif | 2026-04-23 | N/A |
| Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. | ||||
| CVE-2007-2646 | 1 Yenc32 | 1 Yenc32 | 2026-04-23 | N/A |
| Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted remote attackers to execute arbitrary code via a long filename in an NTX file. | ||||
| CVE-2007-2647 | 1 Monalbum | 1 Monalbum | 2026-04-23 | N/A |
| Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter. | ||||