Total
29862 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0967 | 1 Vmware | 8 Esx, Esx Server, Esxi and 5 more | 2025-04-09 | N/A |
| Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. | ||||
| CVE-2007-2122 | 1 Oracle | 1 Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03. | ||||
| CVE-2008-0975 | 1 Double-take Software | 1 Double-take | 2025-04-09 | N/A |
| Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector<T> value. | ||||
| CVE-2007-2130 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. | ||||
| CVE-2007-2166 | 1 Opensurveypilot | 1 Opensurveypilot | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter. | ||||
| CVE-2007-2177 | 1 Microgaming | 1 Download Helper Activex Control | 2025-04-09 | N/A |
| Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-2208 | 1 Extreme Phpbb | 1 Extreme Phpbb | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/. | ||||
| CVE-2007-2211 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-09 | N/A |
| SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action. | ||||
| CVE-2007-2234 | 1 Punbb | 1 Punbb | 2025-04-09 | N/A |
| include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php. | ||||
| CVE-2007-2236 | 1 Punbb | 1 Punbb | 2025-04-09 | N/A |
| footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file. | ||||
| CVE-2007-2242 | 5 Freebsd, Ietf, Netbsd and 2 more | 5 Freebsd, Ipv6, Netbsd and 2 more | 2025-04-09 | N/A |
| The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. | ||||
| CVE-2007-2301 | 1 Arash | 1 Audiocms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/. | ||||
| CVE-2007-2310 | 1 Bloofoxcms | 1 Bloofoxcms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. | ||||
| CVE-2007-2316 | 1 Open Business Management | 1 Open Business Management | 2025-04-09 | N/A |
| Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser." | ||||
| CVE-2007-2321 | 1 Silverstripe | 1 Silverstripe | 2025-04-09 | N/A |
| Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors. | ||||
| CVE-2007-2346 | 1 Php-generics | 1 Php-generics | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 beta allow remote attackers to execute arbitrary PHP code via a URL in the _APP_RELATIVE_PATH parameter to (1) include.php, (2) dbcommon/include.php, and (3) exception/include.php. | ||||
| CVE-2007-2350 | 1 Freepbx | 1 Freepbx | 2025-04-09 | N/A |
| admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. | ||||
| CVE-2007-2352 | 1 Afflib | 1 Afflib | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed. | ||||
| CVE-2007-2355 | 1 Opendap | 1 Server3 | 2025-04-09 | N/A |
| The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | ||||
| CVE-2007-2375 | 1 Symantec | 1 Enterprise Security Manager | 2025-04-09 | N/A |
| The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol. | ||||