Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1445 1 Betaparticle 1 Betaparticle Blog 2025-04-09 N/A
SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.
CVE-2007-4140 1 Lfs 1 Live For Speed S2 2025-04-09 N/A
Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name.
CVE-2007-4156 1 Woliocms 1 Woliocms 2025-04-09 N/A
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php.
CVE-2006-5292 1 Exhibit Engine 1 Exhibit Engine 2025-04-09 N/A
PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2007-4183 1 Php Arena 1 Pabugs 2025-04-09 N/A
SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
CVE-2007-1450 1 Phpnuke 1 Php-nuke 2025-04-09 N/A
SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.
CVE-2007-1452 1 Php 1 Php 2025-04-09 N/A
The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
CVE-2006-5295 1 Clam Anti-virus 1 Clamav 2025-04-09 N/A
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."
CVE-2007-1453 1 Php 1 Php 2025-04-09 N/A
Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.
CVE-2007-4232 1 Andreas Robertz 1 Phpnews 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.
CVE-2007-4252 1 Chilkat Software 1 Asp String 2025-04-09 N/A
Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633.
CVE-2007-1459 1 Webcreator 1 Webcreator 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.
CVE-2007-3133 1 W1l3d4 1 Webmarket 2025-04-09 N/A
SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4279 1 Frontaccounting 1 Frontaccounting 2025-04-09 N/A
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.
CVE-2007-4287 1 Fishcart 1 Fishcart 2025-04-09 N/A
PHP remote file inclusion vulnerability in fc_functions/fc_example.php in FishCart 3.2 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the docroot parameter.
CVE-2007-3306 1 Ultrize 1 Minibill 2025-04-09 N/A
PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489.
CVE-2007-3325 1 Lms 1 Lan Management System 2025-04-09 N/A
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.
CVE-2007-3213 1 Sporum Forum 1 Sporum Forum 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters.
CVE-2007-3425 1 Zoneo-soft 1 Phptraffica 2025-04-09 N/A
Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2.
CVE-2007-4503 1 Joomla 1 Nice Talk 2025-04-09 N/A
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.