Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3324 | 1 Comersus Open Technologies | 1 Comersus Cart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681. | ||||
| CVE-2007-3325 | 1 Lms | 1 Lan Management System | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205. | ||||
| CVE-2007-3326 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2. | ||||
| CVE-2007-3327 | 1 Bughunter | 1 Http Server | 2026-04-23 | N/A |
| httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space). | ||||
| CVE-2007-3328 | 1 Interact | 1 Interact | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php. | ||||
| CVE-2007-3329 | 1 Xvid | 1 Xvid | 2026-04-23 | N/A |
| Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file. | ||||
| CVE-2007-3330 | 1 Stphp | 1 Easynews | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization. | ||||
| CVE-2007-3331 | 1 Stphp | 1 Easynews | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post. | ||||
| CVE-2007-3332 | 1 Php-nuke | 1 Satel Lite | 2026-04-23 | N/A |
| Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action. | ||||
| CVE-2007-3334 | 3 Ca, Ingres, Microsoft | 3 Etrust Secure Content Manager, Database Server, All Windows | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2007-3335 | 1 Phpecho Cms | 1 Phpecho Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-3336 | 1 Ingres | 1 Database Server | 2026-04-23 | N/A |
| Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. | ||||
| CVE-2007-3337 | 1 Ingres | 1 Database Server | 2026-04-23 | N/A |
| wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. | ||||
| CVE-2007-3341 | 1 Microsoft | 2 All Windows, Internet Explorer | 2026-04-23 | N/A |
| Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. | ||||
| CVE-2007-3342 | 1 Six Apart | 1 Movable Type | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231. | ||||
| CVE-2007-3343 | 1 Raidenhttpd | 1 Raidenhttpd | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3344 | 1 Netjukebox | 1 Netjukebox | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php. NOTE: the attack also reveals the installation path. | ||||
| CVE-2007-3345 | 1 Php Accounts | 1 Php Accounts | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter. | ||||
| CVE-2007-3346 | 1 Php Accounts | 1 Php Accounts | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter. | ||||
| CVE-2007-3347 | 1 D-link | 2 Dph-540, Dph-541 | 2026-04-23 | N/A |
| The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. | ||||