Search Results (120973 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5593 2 Drupal, Fedoraproject 2 Drupal, Fedora 2026-04-23 N/A
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
CVE-2008-0702 1 South River Technologies 1 Titan Ftp Server 2026-04-23 N/A
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
CVE-2007-1292 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
CVE-2007-5602 1 Swiftview 1 Viewer 2026-04-23 N/A
Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin for Mozilla and Firefox.
CVE-2007-1293 1 Rigter Portal System 1 Rigter Portal System 2026-04-23 N/A
SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.
CVE-2007-5605 1 Hp 1 Instant Support 2026-04-23 N/A
Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607.
CVE-2007-1295 1 Aj Forum 1 Aj Forum 2026-04-23 N/A
SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
CVE-2007-5607 1 Hp 1 Instant Support 2026-04-23 N/A
Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.
CVE-2008-0720 1 Webmin 2 Usermin, Webmin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information.
CVE-2007-1298 1 Aj Square 1 Ajauction 2026-04-23 N/A
SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
CVE-2007-5612 1 Ibm 1 Director 2026-04-23 N/A
CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.
CVE-2007-1299 1 Mani Stats Reader 1 Mani Stats Reader 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.
CVE-2008-0721 1 Mambo 1 Com Sermon 2026-04-23 N/A
SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.
CVE-2007-1301 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-23 N/A
Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.
CVE-2007-1302 1 Li-scripts 1 Li-guestbook 2026-04-23 N/A
SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.
CVE-2007-1303 1 Rrdbrowse 1 Rrdbrowse 2026-04-23 N/A
Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-2043 1 Avant-garde Solutions 1 Mosmedia 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.
CVE-2007-5620 1 Zehnet 1 Zz Flashchat 2026-04-23 N/A
Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter.
CVE-2008-0723 1 Planetluc 1 Mynews 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1.
CVE-2007-1308 2 Kde, Redhat 2 Konqueror, Enterprise Linux 2026-04-23 N/A
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.