Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5154 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter.
CVE-2007-0573 1 Nsgalphp 1 Nsgalphp 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter.
CVE-2006-4685 1 Microsoft 2 Xml Core Services, Xml Parser 2026-04-23 N/A
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
CVE-2007-0575 1 Stefan Holmberg 1 Admentor 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the administrative login page (admin/login.asp) in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields.
CVE-2006-5155 1 Videodb 1 Videodb 2026-04-23 N/A
PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.
CVE-2007-0580 1 Javier Suarez Sanz 1 Foro Domus 2026-04-23 N/A
PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.
CVE-2007-0583 1 Http Commander 1 Http Commander 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0584 1 G-neric 1 Php Generic Library And Framework 2026-04-23 N/A
PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2007-0589 1 Forum Livre 1 Forum Livre 2026-04-23 N/A
SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp.
CVE-2007-0590 1 Forum Livre 1 Forum Livre 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter.
CVE-2007-0592 1 Indexcor 1 Ezdatabase 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.
CVE-2007-0593 1 Siteman 1 Siteman 2026-04-23 N/A
Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt.
CVE-2007-0597 1 Aztek Forum 1 Aztek Forum 2026-04-23 N/A
Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.
CVE-2007-0598 1 Aztek Forum 1 Aztek Forum 2026-04-23 N/A
SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php.
CVE-2007-0600 2 Makit, Martyn Kilbryde 2 Newsposter Script, Newsposter Script 2026-04-23 N/A
SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.
CVE-2007-0601 1 Aztek Forum 1 Aztek Forum 2026-04-23 N/A
common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays.
CVE-2007-0604 1 Six Apart Ltd 1 Movable Type 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231.
CVE-2007-0605 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.
CVE-2007-0607 1 W-agora 1 W-agora 2026-04-23 N/A
W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.
CVE-2007-0608 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-23 N/A
Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.