Export limit exceeded: 355994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29937 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29937 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6850 | 1 Shadowed Works | 1 Shadowed Portal | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | ||||
| CVE-2007-0118 | 1 Edittag | 1 Edittag | 2026-04-23 | N/A |
| Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl. | ||||
| CVE-2007-0119 | 1 Edittag | 1 Edittag | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi. | ||||
| CVE-2007-0121 | 1 Michael Romedahl | 1 Ri Blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2007-0122 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. | ||||
| CVE-2007-0125 | 1 Kaspersky Lab | 1 Kaspersky Antivirus Engine | 2026-04-23 | N/A |
| Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file. | ||||
| CVE-2007-0128 | 1 Digiappz | 1 Digirez | 2026-04-23 | N/A |
| SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | ||||
| CVE-2007-0130 | 1 Igeneric | 1 Ig Calendar | 2026-04-23 | N/A |
| SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0131 | 1 Jamwiki | 1 Jamwiki | 2026-04-23 | N/A |
| JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki. | ||||
| CVE-2006-4247 | 1 Plone | 1 Plone | 2026-04-23 | N/A |
| Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." | ||||
| CVE-2007-0138 | 1 Fersch | 1 Formbankserver | 2026-04-23 | N/A |
| formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0140 | 1 Kolayindir Download | 1 Kolayindir Download | 2026-04-23 | N/A |
| SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0141 | 1 Yet Another Link Directory | 1 Yet Another Link Directory | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2007-0144 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter. | ||||
| CVE-2007-0145 | 1 Bingo News | 1 Bingo News | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649. | ||||
| CVE-2007-0147 | 1 Cuyahoga | 1 Cuyahoga | 2026-04-23 | N/A |
| Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles. | ||||
| CVE-2007-0148 | 1 Omnigroup | 1 Omniweb | 2026-04-23 | N/A |
| Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function. | ||||
| CVE-2006-4252 | 1 Powerdns | 1 Recursor | 2026-04-23 | N/A |
| PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop. | ||||
| CVE-2007-0153 | 1 Adam Jarret | 1 Ajlogin | 2026-04-23 | N/A |
| AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb. | ||||
| CVE-2007-0155 | 1 Harikaonline | 1 Harikaonline | 2026-04-23 | N/A |
| HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb. | ||||