Export limit exceeded: 346948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2075 | 1 Scramdisk 4 Linux | 1 Scramdisk 4 Linux | 2026-04-23 | N/A |
| ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container. | ||||
| CVE-2007-2077 | 1 Maian | 1 Search | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem." | ||||
| CVE-2007-2078 | 1 Maian | 1 Weblog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use | ||||
| CVE-2007-4427 | 1 Intersystems | 1 Cache Database | 2026-04-23 | N/A |
| Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116. | ||||
| CVE-2007-2079 | 1 Xampp | 1 Apache Distribution | 2026-04-23 | N/A |
| The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. | ||||
| CVE-2007-2080 | 1 Xampp | 1 Apache Distribution | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. | ||||
| CVE-2007-2023 | 1 Secustick | 1 Secustick Usb Flash Drive | 2026-04-23 | N/A |
| USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function. | ||||
| CVE-2007-4374 | 1 Rndlabs | 1 Babo Violent | 2026-04-23 | N/A |
| Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages. | ||||
| CVE-2007-2022 | 3 Adobe, Opera, Redhat | 3 Flash Player, Opera Browser, Enterprise Linux | 2026-04-23 | N/A |
| Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||||
| CVE-2007-4373 | 1 Rndlabs | 1 Babo Violent | 2026-04-23 | N/A |
| The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes. | ||||
| CVE-2007-2019 | 1 Tomex | 1 Phpgalleryscript | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter. | ||||
| CVE-2007-2018 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-4371 | 1 Hotscripts | 1 Neuron Blog | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/. | ||||
| CVE-2007-2017 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request. | ||||
| CVE-2007-4358 | 1 Zoidcom | 1 Zoidcom | 2026-04-23 | N/A |
| Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643. | ||||
| CVE-2007-2016 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. | ||||
| CVE-2007-2015 | 1 Request It | 1 Request It | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | ||||
| CVE-2007-4847 | 1 Google | 1 Picasa | 2026-04-23 | N/A |
| Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | ||||
| CVE-2007-2014 | 1 Mynews | 1 Mynews | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633. | ||||
| CVE-2007-2013 | 1 Jex-treme | 1 Einfacher Passworschutz | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||