Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346267 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4748 | 1 Ppstream | 1 Ppstream | 2026-04-23 | N/A |
| Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter. | ||||
| CVE-2007-1923 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2026-04-23 | N/A |
| (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0. | ||||
| CVE-2007-1924 | 1 Phpcontact | 1 Phpcontact | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php. NOTE: this issue is disputed by CVE and a reliable third party, because include_path is initialized to a fixed value before use | ||||
| CVE-2007-1925 | 1 Tru-zone | 1 Nukeet | 2026-04-23 | N/A |
| The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie. | ||||
| CVE-2007-1927 | 1 Youngzsoft | 1 Cmailserver | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. | ||||
| CVE-2007-4219 | 1 Trend Micro | 1 Serverprotect | 2026-04-23 | N/A |
| Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow. | ||||
| CVE-2007-1928 | 1 Witshare | 1 Witshare | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter. | ||||
| CVE-2007-1929 | 1 Gna | 1 Beryo | 2026-04-23 | N/A |
| Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter. | ||||
| CVE-2007-1931 | 1 Smodcms | 1 Smodcms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter. | ||||
| CVE-2007-1932 | 1 Scar4u | 1 Scarnews | 2026-04-23 | N/A |
| Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter. | ||||
| CVE-2007-1933 | 1 Dreamcodes | 1 Pcp-guestbook | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php. | ||||
| CVE-2007-1934 | 1 Php-nuke | 1 Eboard Module | 2026-04-23 | N/A |
| Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter. | ||||
| CVE-2007-1935 | 1 Scar4u.de | 1 Scaradcontroller | 2026-04-23 | N/A |
| PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function. | ||||
| CVE-2007-1936 | 1 Scar4u.de | 1 Scaradcontroller | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter. | ||||
| CVE-2007-1937 | 1 Dreamcodes | 1 Scorp Book | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | ||||
| CVE-2007-4220 | 1 Motorola | 1 Timbuktu | 2026-04-23 | N/A |
| Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services. | ||||
| CVE-2007-1939 | 1 Daniel Naber | 1 Languagetool | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java. | ||||
| CVE-2007-1940 | 1 Ibm | 1 Tivoli Business Service Manager | 2026-04-23 | N/A |
| IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log. | ||||
| CVE-2007-4230 | 1 Jems Scripts | 1 Bellabiblio | 2026-04-23 | N/A |
| BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash | ||||
| CVE-2007-4239 | 1 C-sam | 1 Onewallet | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter. | ||||