Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4959 | 1 Jelsoft | 1 Oscmax | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4960 | 1 Linden Lab | 1 Second Life | 2026-04-23 | N/A |
| Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL. | ||||
| CVE-2007-6171 | 1 Digium | 1 Asterisk | 2026-04-23 | N/A |
| SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2007-6174 | 1 Phpdevshell | 1 Phpdevshell | 2026-04-23 | N/A |
| PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4961 | 1 Lindenlab | 1 Second Life | 2026-04-23 | 7.5 High |
| The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server. | ||||
| CVE-2007-5800 | 2 Tom Willmot, Wordpress | 2 Backupwordpress Plugin, Wordpress | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/. | ||||
| CVE-2007-4962 | 1 Winimage | 1 Winimage | 2026-04-23 | N/A |
| Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||||
| CVE-2007-5801 | 1 Work System E-commerce | 1 Work System E-commerce | 2026-04-23 | N/A |
| Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages." | ||||
| CVE-2007-6175 | 1 Lhaplus | 1 Lhaplus | 2026-04-23 | N/A |
| Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048. | ||||
| CVE-2007-4963 | 1 Winimage | 1 Winimage | 2026-04-23 | N/A |
| Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a careful user into overwriting arbitrary files. | ||||
| CVE-2007-4964 | 1 Winimage | 1 Winimage | 2026-04-23 | N/A |
| WinImage 8.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via an invalid BPB_BytsPerSec field in the header of a .IMG file. | ||||
| CVE-2007-5802 | 1 Firewolf Technologies | 1 Synergiser | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration. | ||||
| CVE-2007-6176 | 1 Amensa-soft | 1 K\+b-bestellsystem | 2026-04-23 | N/A |
| kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. | ||||
| CVE-2007-5803 | 1 Nagios | 1 Nagios | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360. | ||||
| CVE-2007-6177 | 1 Php Con | 1 Php Con | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter. | ||||
| CVE-2007-6339 | 1 Akamai Technologies | 1 Download Manager | 2026-04-23 | N/A |
| The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." | ||||
| CVE-2007-4965 | 2 Python, Redhat | 3 Python, Enterprise Linux, Network Satellite | 2026-04-23 | N/A |
| Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | ||||
| CVE-2007-4966 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. | ||||
| CVE-2007-5804 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument. | ||||
| CVE-2007-6178 | 1 Easy Hosting Control Panel | 1 Easy Hosting Control Panel | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | ||||