Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2636 1 Jason Frisvold 1 Phptodo 2026-04-23 N/A
Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained from third party information.
CVE-2007-2635 1 Interchange Development Group 1 Interchange 2026-04-23 N/A
Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests.
CVE-2007-2634 1 Agner Fog 1 Aforum 2026-04-23 N/A
PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2633 1 Positive Software 1 Sitestudio 2026-04-23 N/A
Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter.
CVE-2007-2632 1 Php Multi User Randomizer 1 Php Multi User Randomizer 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[].
CVE-2007-2631 1 Squirrelmail 1 Squirrelmail 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648.
CVE-2007-2630 1 Activecampaign 1 1-2-all Broadcast Email 2026-04-23 N/A
Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html.
CVE-2007-2735 1 Touteresa 1 Resmanager 2026-04-23 N/A
SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter.
CVE-2007-2736 9 Achievo, Apple, Hp and 6 more 18 Achievo, A Ux, Mac Os X and 15 more 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
CVE-2007-2737 1 Xoops 1 Myconference Module 2026-04-23 N/A
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2738 1 Xoops 1 Xoops Glossaire Module 2026-04-23 N/A
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.
CVE-2007-2739 1 Xajax 1 Xajax 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-2740 1 Xajax 1 Xajax 2026-04-23 N/A
Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS.
CVE-2007-2742 1 Labs.beffa.org 1 W2box 2026-04-23 N/A
Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg.
CVE-2007-2743 1 Glossword 1 Glossword 2026-04-23 N/A
PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter.
CVE-2007-2744 1 Precisionid Barcode 1 Precisionid Barcode 2026-04-23 N/A
Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this issue might overlap CVE-2007-2657.
CVE-2007-2746 1 Plain Black 1 Webgui 2026-04-23 N/A
The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact.
CVE-2007-2747 1 Rdiffweb 1 Rdiffweb 2026-04-23 N/A
Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI.
CVE-2007-2749 1 Faqengine 1 Faqengine 2026-04-23 N/A
SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.
CVE-2007-2750 1 Simpnews 1 Simpnews 2026-04-23 N/A
SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter.