Search Results (362480 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4208 1 Morgan Ids 1 Next Gen Portfolio Manager 2026-04-23 N/A
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.
CVE-2007-4209 1 Aceboard 1 Aceboard Forum 2026-04-23 N/A
SQL injection vulnerability in Recherche.php in Aceboard forum allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-4235 1 Vietphp 1 Vietphp 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.
CVE-2007-4237 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.
CVE-2007-5394 1 Adobe 1 Pagemaker 2026-04-23 N/A
Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure, a different vulnerability than CVE-2007-5169 and CVE-2007-6432.
CVE-2007-4238 1 Ibm 1 Aix 2026-04-23 N/A
AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.
CVE-2007-5395 2 Abiword, Link Grammar 2 Abiword Link Grammar, Link Grammar 2026-04-23 N/A
Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function.
CVE-2007-4240 1 Help Center Live 1 Help Center Live 2026-04-23 N/A
The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information.
CVE-2007-4242 1 Astaro 1 Security Gateway 2026-04-23 N/A
The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.
CVE-2007-4243 1 Astaro 1 Security Gateway 2026-04-23 N/A
Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.
CVE-2007-4244 1 Joomla 1 J Reactions 2026-04-23 N/A
PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.
CVE-2007-4249 1 Exportnation 1 Exportnation Toolbar 2026-04-23 N/A
The isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.
CVE-2007-4253 1 Envolution 1 Envolution 2026-04-23 N/A
SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.
CVE-2007-4256 1 Ynp 1 Portal Systems 2026-04-23 N/A
Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.
CVE-2007-4258 1 Prozilla 1 Prozilla Pub Site Directory 2026-04-23 N/A
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-4259 1 Ez Photo Sales 1 Ez Photo Sales 2026-04-23 N/A
EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.
CVE-2007-4260 1 Ez Photo Sales 1 Ez Photo Sales 2026-04-23 N/A
EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.
CVE-2007-5402 1 Layton Technology 1 Helpbox 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwdenduser.asp, and the sys_request_id parameter to (3) changerequeststatus.asp, (4) editrequestuser.asp, (5) requestcommentsuser.asp, and (6) useractions.asp, different vectors than CVE-2004-2551.
CVE-2007-4265 1 Visionera Ab 1 Visionproject 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do.
CVE-2007-4267 1 Apple 1 Mac Os X 2026-04-23 N/A
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table.