Export limit exceeded: 359424 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359424 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3431 | 1 Valerio Capello | 1 Dagger - The Cutting Edge | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter. | ||||
| CVE-2007-2995 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. | ||||
| CVE-2007-4109 | 1 Codewidgets | 1 Online Event Registration Template | 2026-04-23 | N/A |
| SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | ||||
| CVE-2007-4126 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs. | ||||
| CVE-2007-1725 | 1 Icebb | 1 Icebb | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. | ||||
| CVE-2007-0400 | 1 Easebay Resources | 1 Login Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2007-0381 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues. | ||||
| CVE-2007-1005 | 2 Broadcom, Ca | 2 Etrust Intrusion Detection, Etrust Intrusion Detection | 2026-04-23 | N/A |
| Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp). | ||||
| CVE-2007-0375 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script. | ||||
| CVE-2007-0357 | 1 Fritzdsl | 1 Fritzdsl | 2026-04-23 | N/A |
| Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver. | ||||
| CVE-2007-0418 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. | ||||
| CVE-2006-6666 | 1 Verliadmin | 1 Verliadmin | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter. | ||||
| CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2026-04-23 | N/A |
| Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | ||||
| CVE-2007-0489 | 1 Visohotlink | 1 Visohotlink | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2007-0773 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2026-04-23 | N/A |
| The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1. | ||||
| CVE-2007-0509 | 1 Maklerplus | 1 Maklerplus | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages. | ||||
| CVE-2007-3460 | 1 Eva-web | 1 Eva-web | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter. | ||||
| CVE-2007-0543 | 1 Zixforum | 1 Zixforum | 2026-04-23 | N/A |
| ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions. | ||||
| CVE-2007-0563 | 1 Symantec | 1 Web Security | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. | ||||
| CVE-2007-0583 | 1 Http Commander | 1 Http Commander | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||