Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3552 | 1 Bbs100 | 1 Bbs100 | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. NOTE: some details were obtained from third party information. | ||||
| CVE-2007-3554 | 1 Hp | 1 Instant Support | 2025-04-09 | N/A |
| Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function. | ||||
| CVE-2007-3555 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. | ||||
| CVE-2007-3558 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | N/A |
| SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. | ||||
| CVE-2007-3556 | 1 Doubleflex | 1 Liesbeth Base Cms | 2025-04-09 | N/A |
| Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc. | ||||
| CVE-2007-3557 | 1 Wheatblog | 1 Wheatblog | 2025-04-09 | N/A |
| SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. | ||||
| CVE-2007-3560 | 1 Esqlanelapse | 1 Esqlanelapse | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors. | ||||
| CVE-2007-3561 | 1 Webixir | 1 Efendy Blog | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3562 | 1 Php Director | 1 Php Director | 2025-04-09 | N/A |
| SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3567 | 1 Mysqldumper | 1 Mysqldumper | 2025-04-09 | N/A |
| MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests. | ||||
| CVE-2007-3566 | 1 Borland Software | 1 Interbase | 2025-04-09 | N/A |
| Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp. | ||||
| CVE-2007-3568 | 1 Imlib | 1 Imlib | 2025-04-09 | N/A |
| The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. | ||||
| CVE-2007-3564 | 1 Libcurl | 1 Libcurl | 2025-04-09 | N/A |
| libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions. | ||||
| CVE-2007-3571 | 1 Novell | 2 Groupwise, Netware | 2025-04-09 | N/A |
| The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. | ||||
| CVE-2007-3572 | 1 Yoggie | 2 Pico, Pico Pro | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences). | ||||
| CVE-2007-3573 | 1 Akocomment | 1 Akocomment | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421. | ||||
| CVE-2007-3575 | 1 Freedomain.co.nr | 1 Clone | 2025-04-09 | N/A |
| SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php. | ||||
| CVE-2007-3579 | 1 Phpids | 1 Phpids | 2025-04-09 | N/A |
| PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. | ||||
| CVE-2007-3580 | 1 Phpids | 1 Phpids | 2025-04-09 | N/A |
| PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script. | ||||
| CVE-2007-3581 | 1 Jedox | 1 Palo | 2025-04-09 | N/A |
| The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View. | ||||