Export limit exceeded: 357240 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357240 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3979 | 1 Netart Media | 1 Blog System | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | ||||
| CVE-2007-3974 | 1 Jblog | 1 Jblog | 2026-04-23 | N/A |
| admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters. | ||||
| CVE-2007-3986 | 1 Securecomputing | 1 Securityreporter | 2026-04-23 | N/A |
| file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. | ||||
| CVE-2007-3987 | 1 Junction Quest | 1 Image Racer | 2026-04-23 | N/A |
| SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter. | ||||
| CVE-2007-4008 | 1 Entertainment Cms | 1 Entertainment Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter. | ||||
| CVE-2007-4025 | 1 Sun | 1 Java System Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors. | ||||
| CVE-2007-6728 | 1 Xmb Forum | 1 Xmb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration. | ||||
| CVE-2007-4034 | 1 Yahoo | 1 Widgets | 2026-04-23 | N/A |
| Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4059 | 1 Vmware | 1 Workstation | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method. | ||||
| CVE-2007-4061 | 1 Nessus | 1 Vulnerability Scanner | 2026-04-23 | N/A |
| Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||||
| CVE-2007-4069 | 1 Index Script | 1 Index Script | 2026-04-23 | N/A |
| SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2007-4070 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors. | ||||
| CVE-2007-4073 | 1 Tincan | 1 Webbler Cms | 2026-04-23 | N/A |
| Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks. | ||||
| CVE-2007-4082 | 1 Alstrasoft | 1 Article Manager Pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter. | ||||
| CVE-2007-5289 | 1 Hp | 2 Mercury Quality Center, Testdirector | 2026-04-23 | N/A |
| HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\TD_80, and then setting the file's properties to read-only. | ||||
| CVE-2007-4110 | 1 Codewidgets | 1 Threaded Discussion Forum Application | 2026-04-23 | N/A |
| SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter. | ||||
| CVE-2009-2538 | 1 Nokia | 4 N810 Internet Tablet, N82, N95 and 1 more | 2026-04-23 | N/A |
| The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | ||||
| CVE-2007-5292 | 1 Splitside | 1 Directory Image Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter. | ||||
| CVE-2009-2539 | 1 Aigo | 1 Aigo Md P8860 | 2026-04-23 | N/A |
| The Aigo P8860 allows remote attackers to cause a denial of service (memory consumption and browser hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | ||||
| CVE-2007-4129 | 2 Fedoraproject, Redhat | 2 Coolkey, Enterprise Linux | 2026-04-23 | N/A |
| CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. | ||||