Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3355 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3356 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2026-04-23 | N/A |
| NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) via certain requests that reveal the table name and complete query, related to the Halt_On_Error setting in Mysql_db.php. | ||||
| CVE-2007-3357 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2026-04-23 | N/A |
| NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors. | ||||
| CVE-2007-3358 | 1 Iptel | 1 Serweb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter. | ||||
| CVE-2007-3359 | 1 Iptel | 1 Serweb | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3627 | 1 Php Lite | 1 Calendar Express | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3628 | 1 Pear | 1 Structures Datagrid Datasource Mdb2 | 2026-04-23 | N/A |
| Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries." | ||||
| CVE-2007-3629 | 1 Levent Veysi Portal | 1 Levent Veysi Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3630 | 1 Av Scripts | 1 Av Tutorial Script | 2026-04-23 | N/A |
| changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter. | ||||
| CVE-2007-3631 | 1 Gamesitescript | 1 Gamesitescript | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field. | ||||
| CVE-2007-3632 | 1 Limesurvey | 1 Limesurvey | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. | ||||
| CVE-2007-3633 | 1 Chilkat Software | 1 Chilkat Zip Activex Control | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method. | ||||
| CVE-2007-3641 | 1 Freebsd | 1 Libarchive | 2026-04-23 | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. | ||||
| CVE-2007-3636 | 1 Squirrelmail | 2 Gpg Plugin, Squirrelmail | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. | ||||
| CVE-2007-3639 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php. | ||||
| CVE-2007-3640 | 1 Adobe | 1 Adobe Air | 2026-04-23 | N/A |
| Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE. | ||||
| CVE-2007-3643 | 1 Av Scripts | 1 Av Arcade | 2026-04-23 | N/A |
| admin/index.php in AV Arcade 2.1b grants administrative privileges when the ava_userid cookie value is 1, which allows remote attackers to perform certain administrative actions. | ||||
| CVE-2007-3644 | 1 Freebsd | 1 Libarchive | 2026-04-23 | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. | ||||
| CVE-2007-3645 | 1 Freebsd | 1 Libarchive | 2026-04-23 | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644. | ||||
| CVE-2007-3646 | 1 Flashgamescript | 1 Flashgamescript | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action. | ||||