Export limit exceeded: 29923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4164 | 1 Sun | 1 Java System Web Server | 2026-04-23 | N/A |
| CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. | ||||
| CVE-2007-4166 | 1 Wordpress | 2 Unamed Theme, Unamed Theme Se | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4167 | 1 Al-caricatier | 1 Al-caricatier | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in cat_viewed.php in AL-Caricatier 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter. | ||||
| CVE-2007-4170 | 1 Al-athkar | 1 Al-athkar | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php. | ||||
| CVE-2007-4171 | 1 Auracms | 1 Modul Forum Sederhana | 2026-04-23 | N/A |
| SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4175 | 1 Openrat | 1 Openrat Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters. | ||||
| CVE-2007-4176 | 1 Eqdkp | 1 Eqdkp Plus | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors. | ||||
| CVE-2007-4209 | 1 Aceboard | 1 Aceboard Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in Recherche.php in Aceboard forum allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-4177 | 1 Interact | 1 Interact | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328. | ||||
| CVE-2007-4178 | 1 Amg Soft | 1 Webdirector | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter. | ||||
| CVE-2007-4179 | 1 Hp | 2 Address And Routing Parameter Area\(arpa\) Transport, Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from CVE-2007-0916, but this is not certain due to lack of vendor details. | ||||
| CVE-2007-4180 | 1 Pluck | 1 Pluck | 2026-04-23 | N/A |
| Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files | ||||
| CVE-2007-4181 | 1 Pluck | 1 Pluck | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request | ||||
| CVE-2007-4182 | 1 Wikiwebweaver | 1 Wikiwebweaver | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/. | ||||
| CVE-2007-4183 | 1 Php Arena | 1 Pabugs | 2026-04-23 | N/A |
| SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. | ||||
| CVE-2007-4184 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter. | ||||
| CVE-2007-4185 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages. | ||||
| CVE-2007-4186 | 1 Joomla | 1 Tour De France Pool | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2007-4191 | 1 Panda | 1 Panda Antivirus | 2026-04-23 | N/A |
| Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657. | ||||
| CVE-2007-4192 | 1 Ide Group | 1 Dvd Rental System Drs | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE. | ||||