Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0150 | 1 Dayfox Designs | 1 Dayfox Blog | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters. | ||||
| CVE-2007-0151 | 1 Mitisoft | 1 Mitisoft | 2025-04-09 | N/A |
| MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb. | ||||
| CVE-2007-0147 | 1 Cuyahoga | 1 Cuyahoga | 2025-04-09 | N/A |
| Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles. | ||||
| CVE-2007-0156 | 1 M-core | 1 M-core | 2025-04-09 | N/A |
| M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb. | ||||
| CVE-2007-0165 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | N/A |
| Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. | ||||
| CVE-2007-0166 | 1 Freebsd | 1 Freebsd | 2025-04-09 | N/A |
| The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack. | ||||
| CVE-2007-0174 | 1 Sina | 1 Sina | 2025-04-09 | N/A |
| Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function. | ||||
| CVE-2007-0180 | 1 Ef Software | 1 Ef Commander | 2025-04-09 | N/A |
| Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow. | ||||
| CVE-2007-0178 | 1 Php Web Scripts | 1 Easy Banner Pro | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. | ||||
| CVE-2007-0183 | 1 Sun | 1 Iplanet Web Server | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0189 | 1 Geobb | 1 Georgian Bulletin Board | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value | ||||
| CVE-2007-0190 | 1 Edit-x | 1 Ecommerce | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. | ||||
| CVE-2007-0198 | 1 Cisco | 4 Ip Contact Center Enterprise, Ip Contact Center Hosted, Unified Contact Center Enterprise and 1 more | 2025-04-09 | N/A |
| The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port. | ||||
| CVE-2007-0199 | 1 Cisco | 1 Ios | 2025-04-09 | N/A |
| The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." | ||||
| CVE-2007-0480 | 1 Cisco | 1 Ios Transmission Control Protocol | 2025-04-09 | N/A |
| Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet. | ||||
| CVE-2007-0481 | 1 Cisco | 1 Ios Transmission Control Protocol | 2025-04-09 | N/A |
| Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header. | ||||
| CVE-2007-0487 | 1 Zoneo-soft | 1 Freeforum | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used | ||||
| CVE-2007-0488 | 1 Huawei | 1 Versatile Routing Platform | 2025-04-09 | N/A |
| The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command. | ||||
| CVE-2007-0490 | 1 Open-realty | 1 Open-realty | 2025-04-09 | N/A |
| index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action. | ||||
| CVE-2007-0491 | 1 Sky Gunning | 1 Myspeach | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information. | ||||