Total
29901 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4054 | 1 Php123 | 1 Top Sites | 2026-04-23 | N/A |
| SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2007-4077 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php. | ||||
| CVE-2007-4087 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php. | ||||
| CVE-2007-4088 | 1 Vikingboard | 1 Vikingboard | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php; the (5) u parameter to user.php; the (6) f parameter to post.php; the (7) s parameter to topic.php; the (8) quote, (9) t, (10) poll, and (11) p parameters to post.php; the (12) Message Title field of a private message (PM) in mode 6 of cp.php; the (13) title field of a private message (PM) in mode 7 of cp.php; and (14) allow user-assisted remote attackers to inject arbitrary web script or HTML via a dosearch action to search.php, which reflects the first lines of all posts by a user. NOTE: the act parameter to help.php and the p parameter to report.php are already covered by CVE-2006-4708. NOTE: vectors 12 and 13 might overlap CVE-2006-6283.1. NOTE: vector 14 might overlap CVE-2006-4708.b. | ||||
| CVE-2007-4090 | 1 Vikingboard | 1 Vikingboard | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to inc/lib/screen.php or (2) the title parameter to post.php. NOTE: vector 2 might overlap CVE-2006-6283. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4105 | 1 Baidu | 1 Soba Search Bar | 2026-04-23 | N/A |
| A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion. | ||||
| CVE-2007-4109 | 1 Codewidgets | 1 Online Event Registration Template | 2026-04-23 | N/A |
| SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | ||||
| CVE-2007-4111 | 1 Codewidgets | 1 Real Estate Listing Website Application Template | 2026-04-23 | N/A |
| SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter. | ||||
| CVE-2007-4112 | 1 Advanced Webhost Billing System | 1 Advanced Webhost Billing System | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation." | ||||
| CVE-2007-4113 | 1 Advanced Webhost Billing System | 1 Advanced Webhost Billing System | 2026-04-23 | N/A |
| Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors. | ||||
| CVE-2007-4114 | 1 Suskunduygular | 1 Suskunduygular Uyelik Sistemi | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4117 | 1 Platon | 1 Phpwebfilemanager | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use | ||||
| CVE-2007-4128 | 1 Firestorm Technologies | 1 Gmaps | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action. | ||||
| CVE-2007-4154 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components. | ||||
| CVE-2007-4160 | 1 Tibco | 1 Rendezvous | 2026-04-23 | N/A |
| The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network. | ||||
| CVE-2007-4161 | 1 Tibco | 1 Rendezvous | 2026-04-23 | N/A |
| rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character. | ||||
| CVE-2007-6506 | 1 Hp | 1 Software Update | 2026-04-23 | N/A |
| The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method. | ||||
| CVE-2007-6511 | 1 Websense | 1 Enterpise | 2026-04-23 | N/A |
| Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization. | ||||
| CVE-2007-4166 | 1 Wordpress | 2 Unamed Theme, Unamed Theme Se | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4176 | 1 Eqdkp | 1 Eqdkp Plus | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors. | ||||