Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4097 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.
CVE-2007-4098 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
CVE-2007-4100 1 Mldonkey 1 Mldonkey 2026-04-23 N/A
MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.
CVE-2007-4101 1 Global Centre 1 Aplomb Poll 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.
CVE-2007-4102 1 Sblog 1 Sblog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/></> sequence in the search string.
CVE-2007-4104 1 Wp-feedstats 1 Wordpress Plugin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string.
CVE-2007-4105 1 Baidu 1 Soba Search Bar 2026-04-23 N/A
A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion.
CVE-2007-4106 1 Codewidgets 2 Pay Roll - Time Sheet, Punch Card 2026-04-23 N/A
SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4107 1 Phpmyforum 1 Phpmyforum 2026-04-23 N/A
SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-4108 1 Codewidgets 1 Online Event Registration Template 2026-04-23 N/A
SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4109 1 Codewidgets 1 Online Event Registration Template 2026-04-23 N/A
SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4110 1 Codewidgets 1 Threaded Discussion Forum Application 2026-04-23 N/A
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4111 1 Codewidgets 1 Real Estate Listing Website Application Template 2026-04-23 N/A
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4112 1 Advanced Webhost Billing System 1 Advanced Webhost Billing System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."
CVE-2007-4113 1 Advanced Webhost Billing System 1 Advanced Webhost Billing System 2026-04-23 N/A
Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors.
CVE-2007-4114 1 Suskunduygular 1 Suskunduygular Uyelik Sistemi 2026-04-23 N/A
Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-4115 1 Itcms 1 Itcms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.
CVE-2007-4116 1 Metyus 1 Forum Portal 2026-04-23 N/A
SQL injection vulnerability in philboard_forum.asp in Metyus Forum Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might be related to CVE-2007-0920 or CVE-2007-3884.
CVE-2007-4117 1 Platon 1 Phpwebfilemanager 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use
CVE-2007-4118 1 Jx Development 1 Phpvoter 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions.inc.php in phpVoter 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.