Export limit exceeded: 29923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0788 | 1 Mediawiki | 1 Mediawiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript." | ||||
| CVE-2007-0791 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-0792 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. | ||||
| CVE-2007-0793 | 1 Globalmegacorp | 1 Dvddb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | ||||
| CVE-2007-0795 | 1 Wap | 1 Wap Portal Server | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php. | ||||
| CVE-2007-0796 | 1 Bluecoat | 1 Winproxy | 2026-04-23 | N/A |
| Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption. | ||||
| CVE-2007-0797 | 1 Bluevirus-design | 1 Sma-db | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter. | ||||
| CVE-2007-0798 | 1 Uapplication | 1 Ublog Reload | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp. | ||||
| CVE-2007-0799 | 1 Uapplication | 1 Ublog | 2026-04-23 | N/A |
| SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-2011 | 1 Deskpro | 1 Deskpro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2007-0800 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. | ||||
| CVE-2007-0801 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest. | ||||
| CVE-2007-0804 | 1 Ggcms | 1 Ggcms | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file. | ||||
| CVE-2007-0805 | 1 Hp | 1 Tru64 | 2026-04-23 | N/A |
| The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. | ||||
| CVE-2007-0806 | 1 Les News | 1 Les News | 2026-04-23 | N/A |
| Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations. | ||||
| CVE-2007-0807 | 1 Darrens 5-dollar Script Archive | 1 Flashchat | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature. | ||||
| CVE-2007-0808 | 1 Mina Ajans | 1 Mina Ajans Script | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script. | ||||
| CVE-2007-0809 | 1 Ptirhiikmods | 1 Mod-ch | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-0810 | 1 Geeklog | 1 Geeklog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog. | ||||
| CVE-2007-0811 | 1 Microsoft | 1 Ie | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. | ||||