Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3393 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2025-04-09 | N/A |
| Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. | ||||
| CVE-2007-3397 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information. | ||||
| CVE-2007-3396 | 1 Key Focus | 1 Kf Web Server | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter. | ||||
| CVE-2007-3401 | 1 B1g | 1 B1gbb | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter. | ||||
| CVE-2007-3402 | 1 Pagetool | 1 Pagetool | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action. | ||||
| CVE-2007-3403 | 1 Dreamlog | 1 Dreamlog | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter. | ||||
| CVE-2007-3404 | 1 Sitedepth | 1 Sitedepth Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | ||||
| CVE-2007-3411 | 1 Clicktech | 1 Clickgallery | 2025-04-09 | N/A |
| SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | ||||
| CVE-2007-3412 | 1 Clicktech | 1 Clickgallery | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. | ||||
| CVE-2007-3413 | 1 Bitego | 1 Bosdatagrid | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component. | ||||
| CVE-2007-3414 | 1 Access2asp | 1 Access2asp | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp. | ||||
| CVE-2007-3417 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function. | ||||
| CVE-2007-3418 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users. | ||||
| CVE-2007-3419 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3420 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3421 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3422 | 1 Web-app.org | 1 Webapp | 2025-04-09 | N/A |
| The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3426 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | ||||
| CVE-2007-3427 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action. | ||||
| CVE-2007-3428 | 1 Zoneo-soft | 1 Phptraffica | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076. | ||||