Total
29870 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0105 | 1 Cisco | 1 Secure Access Control Server | 2025-04-09 | N/A |
| Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | ||||
| CVE-2007-0106 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request. | ||||
| CVE-2007-0108 | 1 Novell | 1 Client | 2025-04-09 | N/A |
| nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. | ||||
| CVE-2007-0109 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | ||||
| CVE-2007-0112 | 1 Createauction | 1 Createauction | 2025-04-09 | N/A |
| SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-0115 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | N/A |
| Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. | ||||
| CVE-2007-0117 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation. | ||||
| CVE-2007-0118 | 1 Edittag | 1 Edittag | 2025-04-09 | N/A |
| Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl. | ||||
| CVE-2007-0121 | 1 Michael Romedahl | 1 Ri Blog | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2007-0123 | 1 Uber Uploader | 1 Uber Uploader | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations. | ||||
| CVE-2007-0129 | 1 Locazo | 1 Locazolist Classifieds | 2025-04-09 | N/A |
| SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter. | ||||
| CVE-2007-0130 | 1 Igeneric | 1 Ig Calendar | 2025-04-09 | N/A |
| SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0135 | 1 Aratix | 1 Aratix | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter. | ||||
| CVE-2007-0139 | 1 Hp | 1 Openvms | 2025-04-09 | N/A |
| Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM. | ||||
| CVE-2007-0140 | 1 Kolayindir Download | 1 Kolayindir Download | 2025-04-09 | N/A |
| SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0141 | 1 Yet Another Link Directory | 1 Yet Another Link Directory | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2007-0142 | 1 Shopstorenow | 1 E-commerce Shopping Cart | 2025-04-09 | N/A |
| SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | ||||
| CVE-2007-0143 | 1 Nune | 1 News Script | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php. | ||||
| CVE-2007-0144 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter. | ||||
| CVE-2007-0148 | 1 Omnigroup | 1 Omniweb | 2025-04-09 | N/A |
| Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function. | ||||