Export limit exceeded: 347812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347812 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5775 | 1 Bitdefender | 3 Antivirus, Internet Security, Total Security | 2026-04-23 | 9.8 Critical |
| Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2007-5776 | 1 Blue-collar Productions | 1 I-gallery | 2026-04-23 | N/A |
| Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence. | ||||
| CVE-2007-6173 | 1 Liferay | 1 Liferay Enterprise Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5777 | 1 Blue-collar Productions | 1 I-gallery | 2026-04-23 | N/A |
| Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb. | ||||
| CVE-2007-5778 | 1 Flexispy | 1 Mobile Spy | 2026-04-23 | 7.5 High |
| Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | ||||
| CVE-2007-5779 | 1 Gom Player | 1 Gom Player | 2026-04-23 | N/A |
| Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method. | ||||
| CVE-2007-6181 | 1 Redhat | 1 Cygwin | 2026-04-23 | N/A |
| Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19. | ||||
| CVE-2007-5780 | 1 Telematic Lab | 1 Teatro | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | ||||
| CVE-2007-5781 | 1 Sige | 1 Sige | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter. | ||||
| CVE-2007-5783 | 1 Emagic-cms | 1 Emagic Cms.net | 2026-04-23 | N/A |
| SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. | ||||
| CVE-2007-6182 | 1 Growth | 1 Ispmanager | 2026-04-23 | N/A |
| The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments. | ||||
| CVE-2007-5784 | 1 Caupo.net | 1 Cauposhop Pro | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | ||||
| CVE-2007-5785 | 1 Jobsiteprofessional | 1 Jobsite Professional | 2026-04-23 | N/A |
| SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-5786 | 1 A-enterprise | 1 Gosamba | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php. | ||||
| CVE-2007-5787 | 1 Phptoys | 1 Micro Login System | 2026-04-23 | N/A |
| Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt. | ||||
| CVE-2007-5788 | 1 Grandstream | 1 Ht488 | 2026-04-23 | N/A |
| Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message. | ||||
| CVE-2007-6183 | 1 Ruby Gnome2 | 1 Ruby Gnome2 | 2026-04-23 | N/A |
| Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. | ||||
| CVE-2007-5789 | 1 Grandstream | 1 Ht488 | 2026-04-23 | N/A |
| The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060. | ||||
| CVE-2007-6184 | 1 Project Alumni | 1 Project Alumni | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter. | ||||
| CVE-2007-5790 | 1 Globe7 | 1 Globe7 | 2026-04-23 | N/A |
| The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information. | ||||