Export limit exceeded: 335250 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29844 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29844 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2645 | 1 Libexif | 1 Libexif | 2025-04-09 | N/A |
| Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. | ||||
| CVE-2007-2646 | 1 Yenc32 | 1 Yenc32 | 2025-04-09 | N/A |
| Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted remote attackers to execute arbitrary code via a long filename in an NTX file. | ||||
| CVE-2007-2647 | 1 Monalbum | 1 Monalbum | 2025-04-09 | N/A |
| Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter. | ||||
| CVE-2007-2648 | 1 Clever Components | 1 Clever Database Comparer | 2025-04-09 | N/A |
| Stack-based buffer overflow in the Clever Database Comparer 2.2 ActiveX control (comparerax.ocx) allows remote attackers to execute arbitrary code via a long argument to the ConnectToDatabase function. | ||||
| CVE-2007-2649 | 1 T-com | 1 Speedport W 700v | 2025-04-09 | N/A |
| Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script. | ||||
| CVE-2007-2660 | 2 Cjg Explorer Pro, Vincent Blavet | 2 Cjg Explorer Pro, Phpconcept Library | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199 | ||||
| CVE-2007-2670 | 1 Globalmegacorp | 1 Phpchain | 2025-04-09 | N/A |
| PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations. | ||||
| CVE-2007-2672 | 1 Thinc4orce Marketing Group | 1 Php Coupon Script | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page. | ||||
| CVE-2006-5499 | 1 Serendipity | 1 Serendipity | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. | ||||
| CVE-2007-2677 | 1 Phpchess | 1 Phpchess | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php. | ||||
| CVE-2006-6982 | 1 3proxy | 1 3proxy | 2025-04-09 | N/A |
| 3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials. | ||||
| CVE-2007-2678 | 1 Netsprint | 1 Netsprint Toolbar | 2025-04-09 | N/A |
| Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-0647 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function. | ||||
| CVE-2007-2680 | 1 Canon | 3 Network Camera Server Vb100, Network Camera Server Vb101, Network Camera Server Vb150 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-1798 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name. | ||||
| CVE-2007-2709 | 1 Nagiosql | 1 Nagiosql 2005 | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter. | ||||
| CVE-2007-1800 | 1 Cisco | 1 Trust Agent | 2025-04-09 | N/A |
| Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices. | ||||
| CVE-2007-1815 | 1 Xoops | 1 Library Module | 2025-04-09 | N/A |
| SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2007-1816 | 1 Xoops | 1 Tutoriais Module | 2025-04-09 | N/A |
| SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2007-1817 | 1 Lykoszine | 1 Lykos Reviews Module | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action. | ||||