Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2537 | 1 Npds | 1 Npds | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header. | ||||
| CVE-2007-2714 | 1 Matt Mullenweg | 1 Akismet | 2025-04-09 | N/A |
| Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors. | ||||
| CVE-2007-2547 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. | ||||
| CVE-2007-2548 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2025-04-09 | N/A |
| Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation." | ||||
| CVE-2007-2554 | 1 Associated Press | 1 Newspower | 2025-04-09 | N/A |
| Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript. | ||||
| CVE-2007-2556 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-09 | N/A |
| SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI. | ||||
| CVE-2007-2551 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2007-2562 | 1 Kayako | 1 Esupport | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter. | ||||
| CVE-2007-2563 | 1 Versalsoft | 1 Http File Upload Activex Control | 2025-04-09 | N/A |
| Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument. | ||||
| CVE-2007-2564 | 1 Sienzo | 1 Digital Music Mentor | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function. | ||||
| CVE-2007-2565 | 1 Cdelia Software | 1 Imageprocessing | 2025-04-09 | N/A |
| Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file. | ||||
| CVE-2007-2566 | 1 Taltech | 1 Tal Bar Code Activex Control | 2025-04-09 | N/A |
| The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package. | ||||
| CVE-2007-2561 | 1 Fipsasp | 1 Fipscms | 2025-04-09 | N/A |
| SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115. | ||||
| CVE-2007-2569 | 1 Practical Creative And Code | 1 Friendly | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. | ||||
| CVE-2007-2570 | 1 Guilain Omont | 1 Wikivi5 | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter. | ||||
| CVE-2007-2573 | 1 Phptree | 1 Phptree | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter. | ||||
| CVE-2007-2574 | 1 Archangelmgt | 1 Weblog | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter. | ||||
| CVE-2007-2568 | 1 Vcdgear | 1 Vcdgear | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file. | ||||
| CVE-2006-5181 | 1 Joshua Muheim | 1 Phpmywebmin | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the target parameter in (1) change_preferences2.php, (2) create_file.php, (3) upload_local.php, and (4) upload_multi.php, different vectors than CVE-2006-5124. | ||||
| CVE-2007-2580 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script. | ||||