Search Results (29943 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1606 1 W-agora 1 W-agora 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php.
CVE-2007-2664 1 Tomasz Rekawek 1 Yet Another Asterisk Panel 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.
CVE-2007-1288 1 Webmobo 1 Wbnews 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
CVE-2007-0982 1 Taskfreak 1 Taskfreak 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1025 1 Virtualsystem 1 Vs-link-partner 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter.
CVE-2007-1300 1 Douran Software Technologies 1 Isputil 2026-04-23 N/A
DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0200 1 Geoffrey Golliher 1 Axiom Photo News Gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.
CVE-2007-0183 1 Sun 1 Iplanet Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1019 1 Webspell 1 Webspell 2026-04-23 N/A
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
CVE-2007-1117 1 Microsoft 1 Publisher 2026-04-23 N/A
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
CVE-2007-1203 1 Microsoft 2 Excel, Excel Viewer 2026-04-23 N/A
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
CVE-2007-1368 1 Drupal 1 Drupal Project Issue Tracking 2026-04-23 N/A
The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier.
CVE-2007-1435 1 D-link 1 Tftp Server 2026-04-23 N/A
Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1509 1 Holtstraeter 1 Rot 13 2026-04-23 N/A
Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. (dot dot) in the datei parameter.
CVE-2007-1572 1 Sourceforge 1 Jgbbs 2026-04-23 N/A
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1658 1 Microsoft 1 Windows Vista 2026-04-23 N/A
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).
CVE-2007-2457 1 Pixaria 1 Pixaria Gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter.
CVE-2007-2528 1 Trend Micro 1 Serverprotect 2026-04-23 N/A
Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508.
CVE-2007-2595 1 Rscript 1 Rsauction 2026-04-23 N/A
RSAuction 2.73.1.3 allows remote authenticated users to move their own account status from Suspended to Active via a direct request for the activation URL that is provided at the time of account registration. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5850 1 Essen 1 Essentia Web Server 2026-04-23 N/A
Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.