Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0129 1 Locazo 1 Locazolist Classifieds 2026-04-23 N/A
SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.
CVE-2007-0130 1 Igeneric 1 Ig Calendar 2026-04-23 N/A
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0137 1 Serendipitynz 2 Serene Bach, Serene Bach Sb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0138 1 Fersch 1 Formbankserver 2026-04-23 N/A
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0140 1 Kolayindir Download 1 Kolayindir Download 2026-04-23 N/A
SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0141 1 Yet Another Link Directory 1 Yet Another Link Directory 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2007-0144 1 Digitizing Quote And Ordering System 1 Digitizing Quote And Ordering System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.
CVE-2007-0145 1 Bingo News 1 Bingo News 2026-04-23 N/A
PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649.
CVE-2007-0147 1 Cuyahoga 1 Cuyahoga 2026-04-23 N/A
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.
CVE-2007-0148 1 Omnigroup 1 Omniweb 2026-04-23 N/A
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.
CVE-2007-0153 1 Adam Jarret 1 Ajlogin 2026-04-23 N/A
AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.
CVE-2007-0154 1 Webulas 1 Webulas 2026-04-23 N/A
Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.
CVE-2007-0156 1 M-core 1 M-core 2026-04-23 N/A
M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.
CVE-2007-0157 1 Neon 1 Neon 2026-04-23 N/A
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.
CVE-2007-0162 1 Unsanity 1 Application Enhancer 2026-04-23 N/A
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
CVE-2007-0163 1 Securekit 1 Securekit Steganography 2026-04-23 N/A
SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.
CVE-2007-0165 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
CVE-2007-1410 1 Gaziyapboz 1 Game Portal 2026-04-23 N/A
SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter.
CVE-2007-0170 1 Allmyphp 1 Allmyvisitors 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.
CVE-2007-0171 1 Allmylinks Project 1 Allmylinks 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.