Search Results (362976 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2473 1 Cmsmadesimple 1 Cms Made Simple 2026-04-23 N/A
SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
CVE-2008-3057 1 Octeth 1 Oempro 2026-04-23 N/A
Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2009-1009 2 Ibm, Oracle 2 Websphere Portal, Application Server 2026-04-23 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.
CVE-2007-2478 1 Cerulean Studios 1 Trillian Pro 2026-04-23 N/A
Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.
CVE-2007-2479 1 Cerulean Studios 1 Trillian 2026-04-23 N/A
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
CVE-2007-2480 1 Linux 1 Linux Kernel 2026-04-23 N/A
The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications.
CVE-2007-2482 1 Ruben Boelinger 1 Wordtube 2026-04-23 N/A
Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter.
CVE-2007-2483 1 Ruben Boelinger 1 Wp-table 2026-04-23 N/A
Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the wpPATH parameter.
CVE-2007-2484 1 Ruben Boelinger 1 Wp-table 2026-04-23 N/A
PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.
CVE-2008-3060 1 V-webmail 1 V-webmail 2026-04-23 N/A
V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message.
CVE-2007-2333 1 Nortel 3 Contivity, Vpn Router 5000, Vpn Router Portfolio 2026-04-23 N/A
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.
CVE-2007-2330 1 Dynatracker 1 Dynatracker 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
CVE-2007-2329 1 Searchactivity 1 Searchactivity 2026-04-23 N/A
PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-2328 1 Phpmytgp 1 Phpmytgp 2026-04-23 N/A
PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter.
CVE-2007-2327 1 Labs4 1 Htmleditbox 2026-04-23 N/A
PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter.
CVE-2007-2325 1 Mynewsgroup 1 Mynewsgroup 2026-04-23 N/A
PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
CVE-2007-2324 1 Julmajanne 1 Julmacms 2026-04-23 N/A
Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-2235 1 Punbb 1 Punbb 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
CVE-2007-2236 1 Punbb 1 Punbb 2026-04-23 N/A
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.
CVE-2007-2237 1 Microsoft 1 Windows Xp 2026-04-23 5.5 Medium
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.