Export limit exceeded: 336559 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1402 | 1 Rediff | 1 Toolbar | 2025-04-09 | N/A |
| The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments. | ||||
| CVE-2007-1404 | 1 Prosysinfo | 1 Tftp Server Tftpdwin | 2025-04-09 | N/A |
| tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948. | ||||
| CVE-2007-1405 | 1 Edgewall Software | 1 Trac | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2007-1406 | 1 Edgewall Software | 1 Trac | 2025-04-09 | N/A |
| Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-1407 | 1 Open Solution | 1 Quick.cart | 2025-04-09 | N/A |
| Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit." | ||||
| CVE-2007-1408 | 1 Vallheru | 1 Vallheru | 2025-04-09 | N/A |
| Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term. | ||||
| CVE-2007-1416 | 1 Jccorp | 1 Urlshrink | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter. | ||||
| CVE-2007-1417 | 1 Hc Design | 1 Newssystem | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion. | ||||
| CVE-2007-1418 | 1 Mindtouch | 1 Dekiwiki | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2007-1422 | 1 Duyuru Scripti | 1 Duyuru Scripti | 2025-04-09 | N/A |
| SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688. | ||||
| CVE-2007-1423 | 1 Work System E-commerce | 1 Work System E-commerce | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts. | ||||
| CVE-2007-1428 | 1 Php Labs | 1 Jobsitepro | 2025-04-09 | N/A |
| SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter. | ||||
| CVE-2007-1430 | 1 Clip-share | 1 Clipshare | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter. | ||||
| CVE-2006-6828 | 1 Efkan Forum | 1 Efkan Forum | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794. | ||||
| CVE-2007-1474 | 1 Horde | 2 Horde Application Framework, Imp | 2025-04-09 | N/A |
| Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. | ||||
| CVE-2007-1479 | 1 Creative Guestbook | 1 Creative Guestbook | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | ||||
| CVE-2007-1486 | 1 Carbonize | 1 Lazarus Guestbook | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability. | ||||
| CVE-2007-1490 | 1 Avaya | 1 Communication Manager | 2025-04-09 | N/A |
| Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection"). | ||||
| CVE-2007-1494 | 1 Nukescripts | 1 Nukesentinel | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://". | ||||
| CVE-2007-1495 | 1 Symantec | 1 Norton Personal Firewall | 2025-04-09 | N/A |
| The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855. | ||||