Total
29887 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1771 | 1 Ay System Solutions | 1 Web Content System | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter. | ||||
| CVE-2007-1781 | 1 Minna De Office | 1 Minna De Office | 2025-04-09 | N/A |
| Minna De Office 1.x and 2.x does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1788 | 1 Flyspray | 1 Flyspray | 2025-04-09 | N/A |
| Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request. | ||||
| CVE-2007-1792 | 1 Symantec | 2 Mail Security, Mail Security 8820 Appliance | 2025-04-09 | N/A |
| libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02". | ||||
| CVE-2007-1805 | 1 Myxoops | 1 Debaser | 2025-04-09 | N/A |
| SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter. | ||||
| CVE-2007-1814 | 1 Xoops | 1 Core Module | 2025-04-09 | N/A |
| SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377. | ||||
| CVE-2007-1817 | 1 Lykoszine | 1 Lykos Reviews Module | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action. | ||||
| CVE-2007-1823 | 1 T-mobile | 1 Voice Mail Systems | 2025-04-09 | N/A |
| T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | ||||
| CVE-2007-1832 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms." | ||||
| CVE-2009-3382 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-1851 | 1 Really Simple Php And Ajax | 1 Really Simple Php And Ajax | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the __class parameter to (1) Controller_v4.php or (2) Controller_v5.php. | ||||
| CVE-2007-1895 | 1 Sky Gunning | 1 Myspeach | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630. | ||||
| CVE-2006-4809 | 1 Enlightenment | 1 Imlib2 | 2025-04-09 | N/A |
| Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image. | ||||
| CVE-2006-5311 | 1 Buzlas | 1 Buzlas | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-1940 | 1 Ibm | 1 Tivoli Business Service Manager | 2025-04-09 | N/A |
| IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log. | ||||
| CVE-2007-1972 | 1 Bmc | 1 Performance Manager | 2025-04-09 | N/A |
| PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured | ||||
| CVE-2007-1983 | 1 Cyboards | 1 Cyboards Php Lite | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871. | ||||
| CVE-2007-1991 | 1 Youngzsoft | 1 Cmailserver | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. | ||||
| CVE-2006-6840 | 1 Phpbb Group | 1 Phpbb | 2025-04-09 | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." | ||||
| CVE-2007-2007 | 1 Pl-php | 1 Pl-php | 2025-04-09 | N/A |
| admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1. | ||||