Total
29870 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0374 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2025-04-09 | N/A |
| SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | ||||
| CVE-2007-0375 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script. | ||||
| CVE-2009-0667 | 1 Ocsinventory-ng | 2 Ocs Inventory Ng, Ocsinventory-agent | 2025-04-09 | N/A |
| Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory. | ||||
| CVE-2007-0384 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-0388 | 1 Woltlab | 1 Burning Board | 2025-04-09 | N/A |
| SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters. | ||||
| CVE-2007-0389 | 1 Arsdigita | 2 Arsdigita Community Education Solution, Arsdigita Community System | 2025-04-09 | N/A |
| Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI. | ||||
| CVE-2007-0390 | 1 Sabros.us | 1 Sabros.us | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter. | ||||
| CVE-2007-0394 | 1 Hp | 1 Hp-ux | 2025-04-09 | N/A |
| HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | ||||
| CVE-2007-0395 | 1 Comvironment | 1 Comvironment | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | ||||
| CVE-2007-0397 | 1 Cisco | 2 Adaptive Security Appliance Device Manager, Security Monitoring Analysis And Response System | 2025-04-09 | N/A |
| The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information. | ||||
| CVE-2007-0399 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action. | ||||
| CVE-2007-0402 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2007-0403 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2025-04-09 | N/A |
| SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | ||||
| CVE-2007-0407 | 1 Plain Black | 1 Webgui | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed. | ||||
| CVE-2007-0408 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. | ||||
| CVE-2007-0417 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. | ||||
| CVE-2007-0419 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage). | ||||
| CVE-2007-0421 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log. | ||||
| CVE-2007-0424 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption. | ||||
| CVE-2007-0426 | 1 Oracle | 1 Weblogic Portal | 2025-04-09 | N/A |
| BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions. | ||||