Export limit exceeded: 29900 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29900 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1802 | 1 Maildwarf | 1 Maildwarf | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-2308 | 1 Flowers | 1 Flowers | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter. | ||||
| CVE-2007-2684 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message. | ||||
| CVE-2007-1973 | 1 Microsoft | 1 Windows Nt | 2026-04-23 | N/A |
| Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206. | ||||
| CVE-2007-3280 | 1 Postgresql | 1 Postgresql | 2026-04-23 | N/A |
| The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access. | ||||
| CVE-2007-1998 | 1 Hiox India | 1 Guest Book | 2026-04-23 | N/A |
| Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php. | ||||
| CVE-2007-3277 | 1 Wikindx | 1 Wikindx | 2026-04-23 | N/A |
| Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors. | ||||
| CVE-2007-2643 | 1 Pinkcrow Designs | 1 Designs Gallery Magazin | 2026-04-23 | N/A |
| Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | ||||
| CVE-2007-2681 | 1 B2evolution | 1 B2evolution | 2026-04-23 | N/A |
| Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter. | ||||
| CVE-2006-5523 | 1 Ez-ticket | 1 Ez-ticket | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter. | ||||
| CVE-2007-2245 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function. | ||||
| CVE-2007-3260 | 1 Hp | 1 System Management Homepage | 2026-04-23 | N/A |
| HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. | ||||
| CVE-2007-6511 | 1 Websense | 1 Enterpise | 2026-04-23 | N/A |
| Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization. | ||||
| CVE-2007-1972 | 1 Bmc | 1 Performance Manager | 2026-04-23 | N/A |
| PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured | ||||
| CVE-2007-2678 | 1 Netsprint | 1 Netsprint Toolbar | 2026-04-23 | N/A |
| Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-3141 | 1 Phpwebthings | 1 Phpwebthings | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042. | ||||
| CVE-2007-2026 | 2 Amavis, Gentoo | 2 Virus Scanner, File | 2026-04-23 | N/A |
| The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. | ||||
| CVE-2007-2672 | 1 Thinc4orce Marketing Group | 1 Php Coupon Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page. | ||||
| CVE-2007-1798 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name. | ||||
| CVE-2007-1784 | 1 Ibm | 1 Lotus Sametime | 2026-04-23 | N/A |
| The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function. | ||||