Search Results (363662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6131 1 Redhat 1 Fedora Core 2026-04-23 N/A
buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.
CVE-2007-6133 1 Devmass 1 Devmass Cart 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter.
CVE-2007-6134 1 Phpkit 1 Phpkit 2026-04-23 N/A
SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.
CVE-2007-6135 1 Phpslideshow 1 Phpslideshow 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.
CVE-2007-6137 1 P3mbo 1 Content Injector 2026-04-23 N/A
SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2007-6138 1 Vu 1 Mass Mailer 2026-04-23 N/A
SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.
CVE-2007-6139 1 Mp3 1 Toolbox 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.
CVE-2007-6140 1 Dora Emlak 1 Dora Emlak 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.
CVE-2007-6141 1 Vbtube 1 Vbtube 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2007-6142 1 Salims Softhouse 1 Jaf Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6143 1 Vu 1 Case Manager 2026-04-23 N/A
SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2007-6146 1 Hitachi 1 Jp1 File Transmission Server 2026-04-23 N/A
Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command.
CVE-2007-6148 1 Adobe 2 Connect Enterprise Server, Flash Media Server 2 2026-04-23 N/A
Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests.
CVE-2007-6149 1 Adobe 2 Connect Enterprise Server, Flash Media Server 2 2026-04-23 N/A
Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation.
CVE-2007-6150 1 Freebsd 1 Freebsd 2026-04-23 N/A
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
CVE-2007-6151 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.
CVE-2007-6157 1 Simplegallery 1 Simplegallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
CVE-2007-6158 1 Proverbs 1 Proverbs Web Calendar 2026-04-23 N/A
Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
CVE-2007-6159 1 Tilde 1 Tilde Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
CVE-2007-6160 1 Tilde 1 Tilde Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action.