Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1772 1 Hp 1 Jetdirect 2026-04-23 N/A
The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname.
CVE-2007-0768 1 Yahoo 1 Messenger 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
CVE-2007-1777 1 Php 1 Php 2026-04-23 N/A
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
CVE-2007-1786 1 Hitachi 5 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client and 2 more 2026-04-23 N/A
SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-1788 1 Flyspray 1 Flyspray 2026-04-23 N/A
Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request.
CVE-2007-1789 1 Flyspray 1 Flyspray 2026-04-23 N/A
Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests.
CVE-2007-2048 1 Webmethods 1 Glue 2026-04-23 N/A
Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter.
CVE-2007-1791 1 Alexscriptengine 1 Picture-engine 2026-04-23 N/A
SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-2019 1 Tomex 1 Phpgalleryscript 2026-04-23 N/A
PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.
CVE-2007-2018 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2007-1795 1 Jccorp 1 Urlshrink 2026-04-23 N/A
JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1801 1 Sblog 1 Sblog 2026-04-23 N/A
Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
CVE-2007-1804 1 Pulseaudio 1 Pulseaudio 2026-04-23 N/A
PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.
CVE-2007-3171 1 Uebimiau 1 Uebimiau 2026-04-23 N/A
Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.
CVE-2007-1808 1 Camportail 1 Camportail 2026-04-23 N/A
SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action.
CVE-2007-1809 1 Grafx Software 1 Company Website Builder 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513.
CVE-2007-1814 1 Xoops 1 Core Module 2026-04-23 N/A
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.
CVE-2007-3785 1 Eldos Corporation 1 Secureblackbox 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3165 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.
CVE-2007-1820 1 Nortel 2 Callpilot, Meridian Mail 2026-04-23 N/A
Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID).