Export limit exceeded: 364861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0376 1 Virtuemart 1 Virtuemart 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0448 1 Php 1 Php 2026-04-23 N/A
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
CVE-2007-1180 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.
CVE-2007-0407 1 Plain Black 1 Webgui 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.
CVE-2007-0445 1 Kaspersky Lab 2 Kaspersky Anti-virus, Kaspersky Internet Security 2026-04-23 N/A
Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.
CVE-2007-0495 1 Phpsherpa 1 Phpsherpa 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
CVE-2007-1066 2 Cisco, Meetinghouse 4 Secure Services Client, Security Agent, Trust Agent and 1 more 2026-04-23 N/A
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
CVE-2007-1111 1 Activecalendar 1 Activecalendar 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.
CVE-2007-1177 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).
CVE-2007-1232 1 Sqlite Manager 1 Sqlite Manager 2026-04-23 N/A
Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie.
CVE-2007-1292 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
CVE-2007-1604 1 W-agora 1 W-agora 2026-04-23 N/A
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.
CVE-2007-1636 1 Roseonlinecms 1 Roseonlinecms 2026-04-23 N/A
Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
CVE-2007-1680 1 Yahoo 1 Messenger 2026-04-23 N/A
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties.
CVE-2007-1717 1 Php 1 Php 2026-04-23 N/A
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.
CVE-2007-1767 1 Aol 1 Aol Client Software 2026-04-23 N/A
Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors.
CVE-2007-1810 1 Kaotik 1 Kshop 2026-04-23 N/A
SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2104 1 Ixon Cms 1 Ixon Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php.
CVE-2007-2153 1 Atmail 1 Atmail Webmail 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2007-2188 1 Extremail 1 Extremail 2026-04-23 N/A
eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.