Search Results (121006 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5261 1 Iscripts 1 Multicart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.
CVE-2007-0568 1 Myphpcommander 1 Myphpcommander 2026-04-23 N/A
PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.
CVE-2007-0569 1 X-dev 1 Xnews 2026-04-23 N/A
SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action.
CVE-2007-5263 1 Battlefront 1 Dropteam 2026-04-23 N/A
Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via (1) a crafted "0x5c" packet or (2) many 32-bit numbers in a "0x18" packet, or cause a denial of service (crash) via (3) a large "0x4b" packet.
CVE-2008-0578 1 Tripwire 1 Tripwire Enterprise 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the web management login page in Tripwire Enterprise 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0570 1 Johannes Gijsbers 1 Ad Fundum Integratable News Script 2026-04-23 N/A
PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter.
CVE-2007-5269 2 Libpng, Redhat 2 Libpng, Enterprise Linux 2026-04-23 N/A
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
CVE-2007-0571 1 Phpmyreports 1 Phpmyreports 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter.
CVE-2007-0573 1 Nsgalphp 1 Nsgalphp 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter.
CVE-2007-0578 1 Mpg123 1 Mpg123 2026-04-23 N/A
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
CVE-2007-5270 1 Bendiken 1 Boost Module For Drupal 2026-04-23 N/A
Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5.x before 5.x-1.0, for Drupal allows remote attackers to create or overwrite arbitrary files, and conduct cross-site scripting attacks (XSS) via unspecified vectors.
CVE-2007-0579 1 Horde 1 Groupware 2026-04-23 N/A
Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-0580 1 Javier Suarez Sanz 1 Foro Domus 2026-04-23 N/A
PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.
CVE-2007-0582 1 Chernobile 1 Chernobile 2026-04-23 N/A
SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field.
CVE-2007-0583 1 Http Commander 1 Http Commander 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0585 1 Webfwlog 1 Webfwlog 2026-04-23 N/A
include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks.
CVE-2007-0588 1 Apple 2 Mac Os X, Quicktime 2026-04-23 N/A
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.
CVE-2007-0592 1 Indexcor 1 Ezdatabase 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.
CVE-2007-0594 1 Siteman 1 Siteman 2026-04-23 N/A
Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.
CVE-2007-0596 1 Aztek Forum 1 Aztek Forum 2026-04-23 N/A
PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter.