Export limit exceeded: 363836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3695 1 Broadcom 1 Erwin Process Modeler 2026-04-23 N/A
Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.
CVE-2007-3536 1 Amx 1 Netlinx Vnc Activex Control 2026-04-23 N/A
Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values.
CVE-2007-3538 1 Qt-cute 1 Quicktalk Guestbook 2026-04-23 N/A
SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3354 1 Scriptdevelopers.net 1 Netclassifieds 2026-04-23 N/A
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978.
CVE-2007-3543 1 Wordpress 2 Wordpress, Wordpress Mu 2026-04-23 N/A
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
CVE-2007-3334 3 Ca, Ingres, Microsoft 3 Etrust Secure Content Manager, Database Server, All Windows 2026-04-23 N/A
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2007-3547 1 Qt-cute 1 Quickticket 2026-04-23 N/A
Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter.
CVE-2007-3553 1 Oracle 2 Application Server, Rapid Install Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3556 1 Doubleflex 1 Liesbeth Base Cms 2026-04-23 N/A
Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc.
CVE-2007-3557 1 Wheatblog 1 Wheatblog 2026-04-23 N/A
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.
CVE-2007-3560 1 Esqlanelapse 1 Esqlanelapse 2026-04-23 N/A
Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors.
CVE-2007-3561 1 Webixir 1 Efendy Blog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3567 1 Mysqldumper 1 Mysqldumper 2026-04-23 N/A
MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests.
CVE-2007-3698 2 Redhat, Sun 4 Rhel Extras, Jdk, Jre and 1 more 2026-04-23 N/A
The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.
CVE-2007-3569 1 Softlink Europe 1 Oliver Library Management System 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on.
CVE-2007-3572 1 Yoggie 2 Pico, Pico Pro 2026-04-23 N/A
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).
CVE-2007-2344 1 Enterasys 2 Netsight Console, Netsight Inventory Manager 2026-04-23 N/A
The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field.
CVE-2007-3575 1 Freedomain.co.nr 1 Clone 2026-04-23 N/A
SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php.
CVE-2007-3631 1 Gamesitescript 1 Gamesitescript 2026-04-23 N/A
SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field.
CVE-2007-3589 1 B1g 1 B1gbb 2026-04-23 N/A
Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php.