Search Results (363375 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6517 1 Aeries 1 Aeries Browser Interface 2026-04-23 N/A
SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-6518 1 Woltlab 1 Burning Board Lite 2026-04-23 N/A
Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.
CVE-2007-6519 1 Hp 1 Tru64 2026-04-23 N/A
Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors.
CVE-2007-6534 1 Microsoft 1 Publisher 2026-04-23 N/A
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
CVE-2007-6535 1 Yahoo 1 Toolbar 2026-04-23 N/A
Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.
CVE-2007-6537 1 Winuae 1 Winuae 2026-04-23 N/A
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image.
CVE-2007-6538 2 Moodle, Mrbs 2 Moodle, Mrbs 2026-04-23 N/A
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6539 1 Idevspot 1 Isupport 2026-04-23 N/A
PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.
CVE-2007-6245 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
CVE-2007-6243 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
CVE-2007-6242 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-23 N/A
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
CVE-2007-6241 1 Beehive Forum 1 Beehive Forum 2026-04-23 N/A
Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unknown "critical" impact and attack vectors, different issues than CVE-2007-6014.
CVE-2007-6225 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors.
CVE-2007-6223 1 Phpbb 1 Garage 2026-04-23 N/A
SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode.
CVE-2007-6221 1 Tumusika Evolution 1 Tumusika Evolution 2026-04-23 N/A
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6220 2 Debian, Typespeed 2 Debian Linux, Typespeed 2026-04-23 N/A
typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error.
CVE-2007-6219 1 Ibm 1 Tivoli Netcool Security Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6217 1 Irola 1 My-time 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
CVE-2007-6140 1 Dora Emlak 1 Dora Emlak 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.
CVE-2007-6141 1 Vbtube 1 Vbtube 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.