Total
29908 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1986 | 1 Barnraiser | 1 Aroundme | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533. | ||||
| CVE-2007-1988 | 1 Phpecho Cms | 1 Phpecho Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2007-1997 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. | ||||
| CVE-2007-1999 | 1 Nazarkin.name | 1 Weatimages | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter. | ||||
| CVE-2007-2006 | 1 Pl-php | 1 Pl-php | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter. | ||||
| CVE-2007-2008 | 1 Pl-php | 1 Pl-php | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2007-2009 | 1 Simpcms | 1 Simpcms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. | ||||
| CVE-2007-2014 | 1 Mynews | 1 Mynews | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633. | ||||
| CVE-2007-2015 | 1 Request It | 1 Request It | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | ||||
| CVE-2007-2016 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. | ||||
| CVE-2007-2017 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request. | ||||
| CVE-2007-2018 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2020 | 1 Xodagallery | 1 Xodagallery | 2026-04-23 | 9.8 Critical |
| Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion | ||||
| CVE-2007-2021 | 1 Pineapple Technologies | 1 Lore | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4. | ||||
| CVE-2007-2023 | 1 Secustick | 1 Secustick Usb Flash Drive | 2026-04-23 | N/A |
| USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function. | ||||
| CVE-2007-2025 | 1 Phpwiki | 1 Phpwiki | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file. | ||||
| CVE-2007-2028 | 2 Freeradius, Redhat | 2 Freeradius, Enterprise Linux | 2026-04-23 | N/A |
| Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. | ||||
| CVE-2007-1707 | 1 Net-side.net | 1 Net Side Content Management System | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Net Side Content Management System (Net-Side.net CMS) allows remote attackers to execute arbitrary PHP code via a URL in the cms parameter. | ||||
| CVE-2007-1710 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence. | ||||
| CVE-2007-1713 | 1 B21soft | 1 Basp21 | 2026-04-23 | N/A |
| CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines. | ||||