Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3616 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module.
CVE-2007-2911 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
CVE-2007-2126 1 Oracle 1 E-business Suite 2026-04-23 N/A
Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02).
CVE-2007-0366 1 Maxum Development Corporation 1 Rumpus Ftp Server 2026-04-23 N/A
Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.
CVE-2007-0367 1 Maxum Development Corporation 1 Rumpus Ftp Server 2026-04-23 N/A
Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.
CVE-2007-2128 1 Oracle 1 E-business Suite 2026-04-23 N/A
Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08.
CVE-2007-2129 1 Oracle 1 Enterprise Manager 2026-04-23 N/A
Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01.
CVE-2007-0381 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.
CVE-2007-0400 1 Easebay Resources 1 Login Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2007-0402 1 Easebay Resources 1 Paypal Subscription Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2007-3791 1 Policyd 1 Policyd 2026-04-23 N/A
Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
CVE-2007-1300 1 Douran Software Technologies 1 Isputil 2026-04-23 N/A
DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3354 1 Scriptdevelopers.net 1 Netclassifieds 2026-04-23 N/A
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978.
CVE-2007-1301 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-23 N/A
Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.
CVE-2007-2514 3 Centennial, Numara, Symantec 3 Discovery, Asset Manager, Discovery 2026-04-23 N/A
Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173.
CVE-2007-3086 1 Agnitum 1 Outpost Firewall 2026-04-23 N/A
Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex.
CVE-2007-3355 1 Scriptdevelopers.net 1 Netclassifieds 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3528 1 Dar 1 Dar 2026-04-23 N/A
The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.
CVE-2007-2136 1 Bmc 1 Patrol Perform Agent 2026-04-23 N/A
Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed.
CVE-2007-2959 1 Cpcommerce 1 Cpcommerce 2026-04-23 N/A
SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter.