Export limit exceeded: 346175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346175 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3493 | 2 Microsoft, Nctsoft Products | 4 Internet Explorer, Windows Xp, Nctaudiostudio and 1 more | 2026-04-23 | N/A |
| A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. | ||||
| CVE-2007-3510 | 1 Ibm | 1 Lotus Domino | 2026-04-23 | N/A |
| Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name. | ||||
| CVE-2007-3517 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts. | ||||
| CVE-2007-3524 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php. | ||||
| CVE-2007-3526 | 1 Vastal I-tech | 1 Buddy Zone | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. | ||||
| CVE-2007-3532 | 2 Gentoo, Nvidia | 2 Linux, Video Driver | 2026-04-23 | N/A |
| NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | ||||
| CVE-2007-5482 | 1 Sun | 2 Storagetek 3510, Storedge | 2026-04-23 | N/A |
| Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors. | ||||
| CVE-2007-3535 | 1 Frank Karau | 1 Gl-sh Deaf Forum | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php. | ||||
| CVE-2007-3543 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. | ||||
| CVE-2007-3549 | 1 Vastal I-tech | 1 Buddy Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2007-3551 | 1 Bbs100 | 1 Bbs100 | 2026-04-23 | N/A |
| Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already logged in, possibly related to the state_login_prompt function in state_login.c. | ||||
| CVE-2007-3559 | 1 Php-fusion | 1 Php-fusion | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. | ||||
| CVE-2007-3569 | 1 Softlink Europe | 1 Oliver Library Management System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on. | ||||
| CVE-2007-3577 | 1 Phpids | 1 Phpids | 2026-04-23 | N/A |
| PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script. | ||||
| CVE-2007-3586 | 1 Mycms | 1 Mycms | 2026-04-23 | N/A |
| Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files. | ||||
| CVE-2007-3591 | 1 Elite Bulletin Board | 1 Elite Bulletin Board | 2026-04-23 | N/A |
| Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks. | ||||
| CVE-2007-3603 | 1 Vtiger | 1 Vtiger Crm | 2026-04-23 | N/A |
| SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. | ||||
| CVE-2007-3611 | 1 Vrnews | 1 Vrnews | 2026-04-23 | N/A |
| admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter. | ||||
| CVE-2007-3614 | 1 Sap | 1 Sap Db | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields." | ||||
| CVE-2007-3629 | 1 Levent Veysi Portal | 1 Levent Veysi Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||