Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2614 1 Phphtmllib 1 Phphtmllib 2026-04-23 N/A
PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter.
CVE-2007-2616 1 Novell 1 Netmail 2026-04-23 N/A
Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request.
CVE-2007-2617 1 Sun 2 Net Connect Software, Solaris 2026-04-23 N/A
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
CVE-2007-2618 1 Drake Team 1 Drake Cms 2026-04-23 N/A
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
CVE-2007-2621 1 Extrovert Software 1 Thyme Calndar 2026-04-23 N/A
SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.
CVE-2007-2624 1 Aiocp 1 Aiocp 2026-04-23 N/A
Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information.
CVE-2007-2630 1 Activecampaign 1 1-2-all Broadcast Email 2026-04-23 N/A
Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html.
CVE-2007-2633 1 Positive Software 1 Sitestudio 2026-04-23 N/A
Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter.
CVE-2007-2635 1 Interchange Development Group 1 Interchange 2026-04-23 N/A
Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests.
CVE-2007-2656 1 Hp 1 Hpqvwocx.dll 2026-04-23 N/A
Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method.
CVE-2007-2663 1 Beacon 1 Beacon 2026-04-23 N/A
PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter.
CVE-2007-2664 1 Tomasz Rekawek 1 Yet Another Asterisk Panel 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.
CVE-2007-2660 2 Cjg Explorer Pro, Vincent Blavet 2 Cjg Explorer Pro, Phpconcept Library 2026-04-23 N/A
PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
CVE-2007-2675 1 Pre Projects 1 Pre Classifieds Listings 2026-04-23 N/A
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2007-2676 1 Open Translation Engine 1 Open Translation Engine 2026-04-23 N/A
PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.
CVE-2007-2679 1 Simple Php Scripts Gallery 1 Simple Php Scripts Gallery 2026-04-23 N/A
PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2684 1 Jetbox 1 Jetbox Cms 2026-04-23 N/A
Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message.
CVE-2007-2685 1 Jetbox 1 Jetbox Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.
CVE-2007-2687 1 Microworld Technologies 1 Escan 2026-04-23 N/A
Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command.
CVE-2007-2689 1 Checkpoint 1 Web Intelligence 2026-04-23 N/A
Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.