Export limit exceeded: 348027 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348027 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0154 | 1 Webulas | 1 Webulas | 2026-04-23 | N/A |
| Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb. | ||||
| CVE-2007-0159 | 1 Geoip | 1 Geoip | 2026-04-23 | N/A |
| Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename. | ||||
| CVE-2007-1987 | 1 Phpecho Cms | 1 Phpecho Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use | ||||
| CVE-2007-0161 | 1 Hp | 21 Color Laserjet 4650, Officejet 4100, Officejet 5100 and 18 more | 2026-04-23 | N/A |
| The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023. | ||||
| CVE-2007-1990 | 1 Sam Crew | 1 Myblog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0166 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack. | ||||
| CVE-2007-1991 | 1 Youngzsoft | 1 Cmailserver | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. | ||||
| CVE-2007-2891 | 1 Firmworx | 1 Firmworx | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php. | ||||
| CVE-2007-3184 | 2 Apple, Cisco | 2 Mac Os X, Trust Agent | 2026-04-23 | N/A |
| Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. | ||||
| CVE-2007-3419 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3602 | 1 Vtiger | 1 Vtiger Crm | 2026-04-23 | N/A |
| The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin. | ||||
| CVE-2007-0167 | 2 Ppc Search Engine, Wgs-ppc | 2 Ppc Search Engine, Wgs-ppc | 2026-04-23 | N/A |
| Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/. | ||||
| CVE-2007-0169 | 1 Broadcom | 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite | 2026-04-23 | N/A |
| Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service. | ||||
| CVE-2007-0173 | 1 L2j | 1 Statistik Script | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | ||||
| CVE-2007-0174 | 1 Sina | 1 Sina | 2026-04-23 | N/A |
| Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function. | ||||
| CVE-2007-0175 | 1 B2evolution | 1 B2evolution | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter. | ||||
| CVE-2007-0176 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | ||||
| CVE-2007-0177 | 1 Mediawiki | 1 Mediawiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-0178 | 1 Php Web Scripts | 1 Easy Banner Pro | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. | ||||
| CVE-2007-1992 | 1 Mamboxchange | 1 Com Zoom | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/. | ||||