Total
29935 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0829 | 1 Alwil | 1 Avast Antivirus | 2026-04-23 | N/A |
| avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements. | ||||
| CVE-2007-0835 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0836 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0838 | 1 Freeproxy | 1 Freeproxy | 2026-04-23 | N/A |
| FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself. | ||||
| CVE-2007-0840 | 1 Hlstats | 1 Hlstats | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454. | ||||
| CVE-2007-5584 | 1 Cisco | 3 7600 Router, Catalyst 6500, Firewall Services Module | 2026-04-23 | N/A |
| Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections." | ||||
| CVE-2007-0841 | 1 Vbdrupal | 1 Vbdrupal | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers. | ||||
| CVE-2007-0845 | 1 Advanced Poll | 1 Advanced Poll | 2026-04-23 | N/A |
| admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1. | ||||
| CVE-2007-0847 | 1 Open Tibia Server Cms | 1 Open Tibia Server Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php. | ||||
| CVE-2007-0850 | 1 Syscp Team | 1 Syscp | 2026-04-23 | N/A |
| scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table. | ||||
| CVE-2007-0851 | 1 Trend Micro | 23 Client-server-messaging Suite Smb, Client-server Suite Smb, Control Manager and 20 more | 2026-04-23 | N/A |
| Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. | ||||
| CVE-2007-0852 | 1 Techexcel Inc. | 1 Devtrack | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0856 | 1 Trend Micro | 8 Client-server-messaging Security, Damage Cleanup Services, Pc-cillin Internet Security and 5 more | 2026-04-23 | N/A |
| TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context. | ||||
| CVE-2007-0859 | 1 Palm | 1 Treo | 2026-04-23 | N/A |
| The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys. | ||||
| CVE-2007-0860 | 1 Laboratory For Optical And Computational Instrumentation | 1 Local Calendar System | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php, (h) resetpassword.php, (i) signup.php, showmonth.php, (j) showday.php, showevents.php, and lookup_userid.php. NOTE: this issue has been disputed by a third party, who states that the associated variables are set in config.php before use | ||||
| CVE-2007-5591 | 1 Nortel | 6 Communications Server, Meridian Option 11c, Meridian Option 51c and 3 more | 2026-04-23 | N/A |
| The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports. | ||||
| CVE-2007-0861 | 1 Phpcoin | 1 Phpcoin | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached | ||||
| CVE-2007-0863 | 1 Trevorchan | 1 Trevorchan | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php | ||||
| CVE-2007-0873 | 1 Nabocorp | 1 Nabopoll | 2026-04-23 | N/A |
| nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/. | ||||
| CVE-2007-0877 | 1 March Networks | 5 3108 Dvr, 3204 Dvr, 4210 Dvr and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||