Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1629 | 1 Active Web Softwares | 1 Active Photo Gallery | 2025-04-09 | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-1631 | 1 Clbox | 1 Clbox | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use | ||||
| CVE-2007-1630 | 1 Active Web Softwares | 1 Active Link Engine | 2025-04-09 | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-1636 | 1 Roseonlinecms | 1 Roseonlinecms | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header. | ||||
| CVE-2007-1638 | 1 Phpprojekt | 1 Phpprojekt | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files. | ||||
| CVE-2007-1639 | 1 Phpprojekt | 1 Phpprojekt | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management module, or possibly unspecified other files. | ||||
| CVE-2007-1805 | 1 Myxoops | 1 Debaser | 2025-04-09 | N/A |
| SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter. | ||||
| CVE-2007-1635 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2025-04-09 | N/A |
| Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php. | ||||
| CVE-2007-1644 | 1 Microsoft | 1 All Windows | 2025-04-09 | N/A |
| The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution). | ||||
| CVE-2007-1646 | 1 Subhub | 1 Subhub | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe. | ||||
| CVE-2007-1652 | 1 Openid | 1 Openid | 2025-04-09 | N/A |
| OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens. | ||||
| CVE-2007-1653 | 1 Glowworm | 1 Glowworm | 2025-04-09 | N/A |
| GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial of service (kernel panic) via certain DNS responses that trigger infinite recursion in TrueDNS packet parsing, as originally observed with certain login.yahoo.com responses. | ||||
| CVE-2007-1654 | 1 Netsieben | 1 Netsieben Ssh Library | 2025-04-09 | N/A |
| Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations. | ||||
| CVE-2007-1655 | 1 Tinymux | 1 Tinymux | 2025-04-09 | N/A |
| Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers. | ||||
| CVE-2007-1650 | 1 Pcapsipdump | 1 Pcapsipdump | 2025-04-09 | N/A |
| pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to cause a denial of service (application crash) via a malformed SIP packet, which results in a NULL pointer dereference. | ||||
| CVE-2007-1658 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | N/A |
| Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe). | ||||
| CVE-2007-1662 | 1 Pcre | 1 Pcre | 2025-04-09 | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. | ||||
| CVE-2007-1932 | 1 Scar4u | 1 Scarnews | 2025-04-09 | N/A |
| Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter. | ||||
| CVE-2007-1934 | 1 Php-nuke | 1 Eboard Module | 2025-04-09 | N/A |
| Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter. | ||||
| CVE-2007-1936 | 1 Scar4u.de | 1 Scaradcontroller | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter. | ||||