Export limit exceeded: 29833 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29833 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1957 | 1 Guernion Sylvain Portail | 1 Web Php | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/. | ||||
| CVE-2007-1959 | 1 Tinymux | 1 Tinymux | 2025-04-09 | N/A |
| Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection." | ||||
| CVE-2007-1971 | 1 Gazi Okul Sitesi | 1 Gazi Okul Sitesi | 2025-04-09 | N/A |
| SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string. | ||||
| CVE-2007-1972 | 1 Bmc | 1 Performance Manager | 2025-04-09 | N/A |
| PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured | ||||
| CVE-2007-1973 | 1 Microsoft | 1 Windows Nt | 2025-04-09 | N/A |
| Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206. | ||||
| CVE-2007-1989 | 1 Dotclear | 1 Dotclear | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1777 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow. | ||||
| CVE-2007-1824 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character. | ||||
| CVE-2007-1990 | 1 Sam Crew | 1 Myblog | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1998 | 1 Hiox India | 1 Guest Book | 2025-04-09 | N/A |
| Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php. | ||||
| CVE-2007-2003 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2025-04-09 | N/A |
| InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect. | ||||
| CVE-2007-2006 | 1 Pl-php | 1 Pl-php | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter. | ||||
| CVE-2007-2008 | 1 Pl-php | 1 Pl-php | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2007-2844 | 1 Php | 1 Php | 2025-04-09 | N/A |
| PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access. | ||||
| CVE-2007-2033 | 1 Cisco | 1 Wireless Control System | 2025-04-09 | N/A |
| Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596. | ||||
| CVE-2007-2854 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter. | ||||
| CVE-2007-2861 | 1 Saxon | 1 Saxon | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php. | ||||
| CVE-2007-2035 | 1 Cisco | 1 Wireless Control System | 2025-04-09 | N/A |
| Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301. | ||||
| CVE-2007-2036 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-09 | N/A |
| The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. | ||||
| CVE-2007-2219 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. | ||||