Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3881 1 Pictures Rating 1 Pictures Rating 2026-04-23 N/A
SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
CVE-2007-3882 1 Popscript.com 1 Expert Advisor 2026-04-23 N/A
SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3883 1 Datadynamics 1 Activebar 2026-04-23 N/A
The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.
CVE-2007-3926 1 Ipswitch 1 Imail Server 2026-04-23 N/A
Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."
CVE-2007-3885 1 Aspindir 1 Husrevforum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3886 1 Netimage Media 1 Element Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action.
CVE-2007-3888 1 Insanely Simple Blog 1 Insanely Simple Blog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. NOTE: some of these details are obtained from third party information.
CVE-2007-3889 1 Insanely Simple Blog 1 Insanely Simple Blog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors.
CVE-2007-3890 1 Microsoft 2 Excel, Office 2026-04-23 N/A
Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
CVE-2007-3891 1 Microsoft 1 Windows Vista 2026-04-23 N/A
Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.
CVE-2007-4431 1 Apple 1 Safari 2026-04-23 N/A
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."
CVE-2007-4432 2 Novell, Suse 2 Suse Linux, Suse Linux 2026-04-23 N/A
Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.
CVE-2007-4433 1 Aspindir 1 Text File Search 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field.
CVE-2007-4434 1 Aspindir 1 Text File Search 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2007-4435 1 Torrenttrader 1 Torrenttrader 2026-04-23 N/A
Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php.
CVE-2007-4437 1 Ampache 1 Ampache 2026-04-23 N/A
SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information.
CVE-2007-4439 1 Lighthouse Development 1 Squirrelcart 2026-04-23 N/A
PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php.
CVE-2007-4441 1 Php 1 Php 2026-04-23 N/A
Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.
CVE-2007-4442 1 Epic Games 1 Unreal Engine 2026-04-23 N/A
Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII.
CVE-2007-4443 1 Epic Games 1 Unreal Engine 2026-04-23 N/A
The UCC dedicated server for the Unreal engine, possibly 2003 and 2004, on Windows allows remote attackers to cause a denial of service (continuous beep and server slowdown) via a string containing many 0x07 characters in (1) a request to the images/ directory, (2) the Content-Type field, (3) a HEAD request, and possibly other unspecified vectors.