Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0374 2 Joomla, Mambo 2 Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
CVE-2007-0375 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.
CVE-2007-0379 1 Docman 1 Docman 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0381 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.
CVE-2007-0383 1 Wdaemon 1 Wdaemon 2026-04-23 N/A
WDaemon 9.5.4 allows remote attackers to access the /WorldClient.dll URI on TCP port 3000, which has unknown impact. NOTE: The researcher reports that the vendor response was "this is not a security bug.
CVE-2007-0384 1 Postnuke Software Foundation 1 Postnuke 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0387 1 Joomla 1 Joomla 2026-04-23 N/A
SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-0388 1 Woltlab 1 Burning Board 2026-04-23 N/A
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
CVE-2007-0389 1 Arsdigita 2 Arsdigita Community Education Solution, Arsdigita Community System 2026-04-23 N/A
Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.
CVE-2007-0390 1 Sabros.us 1 Sabros.us 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
CVE-2007-0395 1 Comvironment 1 Comvironment 2026-04-23 N/A
PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
CVE-2007-0396 1 Hp 1 Hp-ux 2026-04-23 N/A
Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.
CVE-2006-5929 1 Phpjobscheduler 1 Phpjobscheduler 2026-04-23 N/A
PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5933 1 Ultrasite 1 Ultrasite 2026-04-23 N/A
SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6946 1 Nec 1 Multiwriter 1700c 2026-04-23 N/A
The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.
CVE-2007-0399 1 Simple Machines 1 Simple Machines Forum 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
CVE-2007-0401 1 Easebay Resources 1 Login Manager 2026-04-23 N/A
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.
CVE-2006-2386 1 Microsoft 1 Outlook Express 2026-04-23 N/A
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
CVE-2007-0406 1 Gxine 1 Gxine 2026-04-23 N/A
Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. NOTE: some of these details are obtained from third party information.
CVE-2007-0407 1 Plain Black 1 Webgui 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.