Export limit exceeded: 362333 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1947 1 Parakey Inc. 1 Firebug 2026-04-23 N/A
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.
CVE-2007-1958 1 Tinymux 1 Tinymux 2026-04-23 N/A
Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information.
CVE-2007-1964 2 Mybb, Mybulletinboard 2 Mybb, Mybulletinboard 2026-04-23 N/A
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
CVE-2007-1967 1 Stat12 1 Stat12 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This is probably an invalid report based on analysis by CVE and a third party
CVE-2007-4388 1 2wire 2 1701hg Router, 2071 Router 2026-04-23 N/A
2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default.
CVE-2007-1968 1 Sam Crew 1 Myblog 2026-04-23 N/A
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.
CVE-2007-1970 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.
CVE-2007-1981 2 Metamod-p, Microsoft 2 Metamod-p, All Windows 2026-04-23 N/A
The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.
CVE-2007-1986 1 Barnraiser 1 Aroundme 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533.
CVE-2007-1997 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
CVE-2007-1999 1 Nazarkin.name 1 Weatimages 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.
CVE-2006-5543 1 Pgosd 1 Pgosd 2026-04-23 N/A
PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-2003 1 Inoutmailinglistmanager 1 Inoutmailinglistmanager 2026-04-23 N/A
InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.
CVE-2007-2017 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request.
CVE-2007-2018 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2007-2019 1 Tomex 1 Phpgalleryscript 2026-04-23 N/A
PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.
CVE-2007-2048 1 Webmethods 1 Glue 2026-04-23 N/A
Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter.
CVE-2007-2054 1 Afflib 1 Afflib 2026-04-23 N/A
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
CVE-2007-2055 1 Afflib 1 Afflib 2026-04-23 N/A
AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called.
CVE-2007-2059 1 Eiqnetworks 1 Enterprise Security Analyzer 2026-04-23 N/A
Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command.