Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2425 | 1 Blackdot | 1 Imageview | 2025-04-09 | N/A |
| Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter. | ||||
| CVE-2007-2411 | 1 Sphider | 1 Sphider | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue. | ||||
| CVE-2007-2423 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2421 | 1 Hitachi | 1 Groupmax Mobile Option | 2025-04-09 | N/A |
| Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-2424 | 1 The Merchant Project | 1 The Merchant | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter. | ||||
| CVE-2007-2420 | 1 Burak Yilmaz | 1 Burak Yilmaz Blog | 2025-04-09 | N/A |
| SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2432 | 1 Nukedit | 1 Nukedit | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2433 | 1 Ariadne | 1 Ariadne Cms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2437 | 1 X.org | 2 X Window System, Xserver | 2025-04-09 | N/A |
| The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error. | ||||
| CVE-2007-2439 | 1 Caucho Technology | 1 Resin | 2025-04-09 | N/A |
| Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension. | ||||
| CVE-2007-2440 | 1 Caucho Technology | 1 Resin | 2025-04-09 | N/A |
| Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence. | ||||
| CVE-2007-2441 | 1 Caucho Technology | 1 Resin | 2025-04-09 | N/A |
| Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. | ||||
| CVE-2007-2443 | 4 Canonical, Debian, Mit and 1 more | 4 Ubuntu Linux, Debian Linux, Kerberos 5 and 1 more | 2025-04-09 | N/A |
| Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | ||||
| CVE-2007-2448 | 2 Redhat, Subversion | 2 Enterprise Linux, Subversion | 2025-04-09 | N/A |
| Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit. | ||||
| CVE-2007-2989 | 1 Sun | 1 Solaris | 2025-04-09 | N/A |
| The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. | ||||
| CVE-2007-2994 | 1 Dian Gemilang | 1 Dgnews | 2025-04-09 | N/A |
| SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693. | ||||
| CVE-2007-2995 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. | ||||
| CVE-2007-2996 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl." | ||||
| CVE-2007-3002 | 1 Php Jackknife | 1 Php Jackknife | 2025-04-09 | N/A |
| PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages. | ||||
| CVE-2007-3003 | 1 Mywebland | 1 Mybloggie | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225. | ||||