Export limit exceeded: 357832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29944 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2286 | 1 Built2go | 1 Php Link Portal | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter. | ||||
| CVE-2007-2287 | 1 Comus | 1 Comus | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | ||||
| CVE-2007-2288 | 1 Doruk100.net | 1 Doruk100net | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2007-2289 | 1 Alexscriptengine | 1 Download-engine | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW. | ||||
| CVE-2007-2290 | 1 Cafelog | 1 B2 | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466. | ||||
| CVE-2007-2291 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute. | ||||
| CVE-2007-2293 | 1 Asterisk | 1 Asterisk | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE. | ||||
| CVE-2007-2294 | 1 Asterisk | 1 Asterisk | 2026-04-23 | N/A |
| The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. | ||||
| CVE-2007-2297 | 1 Asterisk | 1 Asterisk | 2026-04-23 | N/A |
| The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). | ||||
| CVE-2007-2298 | 1 Gforge | 1 Garennes | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/. | ||||
| CVE-2007-2299 | 1 Frogss | 1 Frogss Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536. | ||||
| CVE-2007-2300 | 1 Surat Kabar | 1 Phpwebnews | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php. | ||||
| CVE-2007-2301 | 1 Arash | 1 Audiocms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/. | ||||
| CVE-2007-2302 | 1 Expow | 1 Expow | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter. | ||||
| CVE-2007-2303 | 1 News Manager Deluxe | 1 News Manager Deluxe | 2026-04-23 | N/A |
| Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. | ||||
| CVE-2007-2304 | 1 Qdblog | 1 Qdblog | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files. | ||||
| CVE-2007-2305 | 1 Qdblog | 1 Qdblog | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||
| CVE-2007-2306 | 1 Vwar | 1 Virtual War | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php. | ||||
| CVE-2007-2307 | 1 Webkalk2 | 1 Webkalk2 | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | ||||
| CVE-2007-2308 | 1 Flowers | 1 Flowers | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter. | ||||