Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3133 1 W1l3d4 1 Webmarket 2026-04-23 N/A
SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3580 1 Phpids 1 Phpids 2026-04-23 N/A
PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script.
CVE-2007-3775 1 Cisco 2 Unified Communications Manager, Unified Presence Server 2026-04-23 N/A
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
CVE-2006-6238 1 Apple 1 Safari 2026-04-23 N/A
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.
CVE-2007-2686 1 Jetbox 1 Jetbox Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task.
CVE-2007-3134 1 Atom 1 Photoblog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments."
CVE-2007-3581 1 Jedox 1 Palo 2026-04-23 N/A
The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View.
CVE-2007-0257 1 Grsecurity 1 Grsecurity Kernel Patch 2026-04-23 7.8 High
Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code
CVE-2007-2928 1 Lenovo 2 Access Support, Automated Solutions 2026-04-23 N/A
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
CVE-2007-3201 1 Winpt 1 Winpt 2026-04-23 N/A
Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID.
CVE-2007-0263 1 Total Commander 1 Total Commander 2026-04-23 N/A
Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2072 1 Ivan Gallery Script 1 Ivan Gallery Script 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use
CVE-2007-3202 1 Bruce Corkhill 1 Web Wiz Rich Text Editor 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document.
CVE-2007-3438 1 Nortel 1 Sip Softphone 2026-04-23 N/A
Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.
CVE-2007-3627 1 Php Lite 1 Calendar Express 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3204 1 Jffnms 1 Just For Fun Network Management System 2026-04-23 N/A
SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3135 1 Atom 1 Photoblog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
CVE-2007-3628 1 Pear 1 Structures Datagrid Datasource Mdb2 2026-04-23 N/A
Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries."
CVE-2006-5726 1 Sun 1 Solaris 2026-04-23 N/A
alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures.
CVE-2007-3441 1 Aastra Telecom 1 9112i Sip Phone 2026-04-23 N/A
Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349.