Export limit exceeded: 29902 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29902 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2067 | 1 Webslider | 1 Webslider | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php. | ||||
| CVE-2007-2069 | 1 Openmairie | 1 Openmairie | 2026-04-23 | N/A |
| Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter. | ||||
| CVE-2007-2071 | 1 Open-gorotto | 1 Open-gorotto | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/. | ||||
| CVE-2007-2072 | 1 Ivan Gallery Script | 1 Ivan Gallery Script | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use | ||||
| CVE-2007-2073 | 1 Ivan Gallery Script | 1 Ivan Gallery Script | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session. | ||||
| CVE-2007-2074 | 1 Scramdisk 4 Linux | 1 Scramdisk 4 Linux | 2026-04-23 | N/A |
| Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers. | ||||
| CVE-2007-2075 | 1 Scramdisk 4 Linux | 1 Scramdisk 4 Linux | 2026-04-23 | N/A |
| ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container. | ||||
| CVE-2007-2077 | 1 Maian | 1 Search | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem." | ||||
| CVE-2007-2078 | 1 Maian | 1 Weblog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use | ||||
| CVE-2007-2079 | 1 Xampp | 1 Apache Distribution | 2026-04-23 | N/A |
| The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. | ||||
| CVE-2007-2080 | 1 Xampp | 1 Apache Distribution | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. | ||||
| CVE-2007-2081 | 1 Myblog | 1 Myblog | 2026-04-23 | N/A |
| MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php. | ||||
| CVE-2007-2082 | 1 Myblog | 1 Myblog | 2026-04-23 | N/A |
| Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | ||||
| CVE-2007-2083 | 1 Zonelabs | 1 Zonealarm | 2026-04-23 | N/A |
| vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. | ||||
| CVE-2007-2086 | 1 Cnstats | 1 Cnstats | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/. | ||||
| CVE-2007-2087 | 1 Cnstats | 1 Cnstats | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2088 | 1 Sitebar | 1 Sitebar | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php. | ||||
| CVE-2007-2089 | 1 Jx Development | 1 Article Component | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/. | ||||
| CVE-2007-2090 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2007-2093 | 1 Limesoft | 1 Limesoft Guestbook | 2026-04-23 | N/A |
| Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter. | ||||