Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0975 | 1 Apache Stats | 1 Apache Stats | 2026-04-23 | N/A |
| Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array. | ||||
| CVE-2006-6754 | 1 Ixprim | 1 Ixprim Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors. | ||||
| CVE-2007-3383 | 1 Apache | 1 Tomcat | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages. | ||||
| CVE-2007-3343 | 1 Raidenhttpd | 1 Raidenhttpd | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3344 | 1 Netjukebox | 1 Netjukebox | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php. NOTE: the attack also reveals the installation path. | ||||
| CVE-2007-3345 | 1 Php Accounts | 1 Php Accounts | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter. | ||||
| CVE-2007-3347 | 1 D-link | 2 Dph-540, Dph-541 | 2026-04-23 | N/A |
| The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. | ||||
| CVE-2007-3349 | 1 Aastra Telecom | 1 9112i Sip Phone | 2026-04-23 | N/A |
| The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to (1) cause a denial of service (device freeze) via a malformed SIP message of a certain length or (2) cause a denial of service (continuous ring) via a malformed SIP message of a certain other length. | ||||
| CVE-2007-3351 | 3 Dell, Microsoft, Sj Labs | 3 Axim X3, Windows Mobile, Sjphone | 2026-04-23 | N/A |
| The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets. | ||||
| CVE-2007-1437 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2026-04-23 | N/A |
| Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution. | ||||
| CVE-2007-1615 | 1 Scriptmagix | 1 Scriptmagix Jokes | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2006-6795 | 1 Myphpnuke | 1 Myphpnuke My Egallery | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | ||||
| CVE-2007-1432 | 1 Grayscale | 1 Grayscale Blog | 2026-04-23 | N/A |
| Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php. | ||||
| CVE-2006-6796 | 1 Mtcms | 1 Mtcms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter. | ||||
| CVE-2007-1619 | 1 Scriptmagix | 1 Scriptmagix Photo Rating | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter. | ||||
| CVE-2006-3875 | 1 Microsoft | 2 Excel, Excel Viewer | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867. | ||||
| CVE-2006-6800 | 1 Limbo Cms | 1 Event Module | 2026-04-23 | N/A |
| PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | ||||
| CVE-2007-4094 | 1 Idevspot | 1 Phphostbot | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776. | ||||
| CVE-2007-1630 | 1 Active Web Softwares | 1 Active Link Engine | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-0901 | 1 Moinmoin | 1 Moinmoin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||