Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3202 | 1 Bruce Corkhill | 1 Web Wiz Rich Text Editor | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document. | ||||
| CVE-2007-3203 | 1 Software602 | 1 602pro Lan Suite | 2025-04-09 | N/A |
| Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3208 | 1 Yabb | 1 Yabb | 2025-04-09 | N/A |
| CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code. | ||||
| CVE-2007-3209 | 1 Nongnu | 1 Mail Notification | 2025-04-09 | N/A |
| Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2007-3211 | 1 Domain Technologie Control | 1 Domain Technologie Control | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3213 | 1 Sporum Forum | 1 Sporum Forum | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters. | ||||
| CVE-2007-3226 | 1 Dotproject | 1 Dotproject | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240. | ||||
| CVE-2007-3225 | 1 Sun | 1 Java System Directory Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors. | ||||
| CVE-2007-3231 | 1 Mecab | 1 Mecab | 2025-04-09 | N/A |
| Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors. | ||||
| CVE-2007-3232 | 1 Ibm | 1 Totalstorage Ds400 | 2025-04-09 | N/A |
| The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000. | ||||
| CVE-2007-3234 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2025-04-09 | N/A |
| SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | ||||
| CVE-2007-3235 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection. | ||||
| CVE-2007-3236 | 1 Xoops | 1 Horoscope Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | ||||
| CVE-2007-3237 | 1 Xoops | 1 Tinycontent Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | ||||
| CVE-2007-3230 | 1 Simian Systems Inc | 1 Sitellite | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter. | ||||
| CVE-2007-3241 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI. | ||||
| CVE-2007-3243 | 1 Bbpress | 1 Bbpress | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header. | ||||
| CVE-2007-3244 | 1 Bbpress | 1 Bbpress | 2025-04-09 | N/A |
| SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug." | ||||
| CVE-2007-3245 | 1 Irc Services | 1 Irc Services | 2025-04-09 | N/A |
| IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote attackers to disconnect users with guest nicknames by linking a guest nickname to a nickname that is already registered. | ||||
| CVE-2007-3248 | 1 Sun | 1 Solaris | 2025-04-09 | N/A |
| Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic. | ||||