Export limit exceeded: 350349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350349 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0584 | 1 G-neric | 1 Php Generic Library And Framework | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | ||||
| CVE-2007-0594 | 1 Siteman | 1 Siteman | 2026-04-23 | N/A |
| Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD. | ||||
| CVE-2007-0626 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines." | ||||
| CVE-2007-0637 | 1 Galeria Zdjec | 1 Galeria Zdjec | 2026-04-23 | N/A |
| Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php. | ||||
| CVE-2007-0680 | 1 Phpbb Tweaked | 1 Phpbb Tweaked | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2009-3746 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711. | ||||
| CVE-2007-0692 | 1 Dgnews | 1 Dgnews | 2026-04-23 | N/A |
| DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages. | ||||
| CVE-2007-0693 | 1 Dian Gemilang | 1 Dgnews | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS). | ||||
| CVE-2007-0695 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions. | ||||
| CVE-2007-0711 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2026-04-23 | N/A |
| Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file. | ||||
| CVE-2007-0714 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, Windows | 2026-04-23 | N/A |
| Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. | ||||
| CVE-2007-0720 | 3 Apple, Cups, Redhat | 3 Mac Os X, Cups, Enterprise Linux | 2026-04-23 | N/A |
| The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted. | ||||
| CVE-2007-0719 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile. | ||||
| CVE-2007-0732 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port." | ||||
| CVE-2007-0746 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference". | ||||
| CVE-2007-0747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. | ||||
| CVE-2007-0738 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls. | ||||
| CVE-2007-0766 | 1 Remotesoft | 1 .net Explorer | 2026-04-23 | N/A |
| Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. | ||||
| CVE-2007-0795 | 1 Wap | 1 Wap Portal Server | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php. | ||||
| CVE-2007-0802 | 2 Mozilla, Opera | 2 Firefox, Opera Browser | 2026-04-23 | N/A |
| Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. | ||||