Search Results (362705 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4415 1 Phpgroupware 1 Phpgroupware 2026-04-23 N/A
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
CVE-2007-1006 2 Ekiga, Redhat 2 Ekiga, Enterprise Linux 2026-04-23 N/A
Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.
CVE-2007-1007 2 Ekiga, Redhat 3 Ekiga, Enterprise Linux, Enterprise Linux Desktop 2026-04-23 N/A
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
CVE-2007-1008 1 Apple 1 Itunes 2026-04-23 N/A
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
CVE-2007-1009 1 Macrovision 1 Installanywhere 2026-04-23 N/A
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
CVE-2007-1010 1 Zebrafeeds 1 Zebrafeeds 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/.
CVE-2007-1011 1 Vs-gastebuch 1 Vs-gastebuch 2026-04-23 N/A
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.
CVE-2007-1012 1 Deskpro 1 Deskpro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter.
CVE-2007-1014 1 Vicftps 1 Vicftps 2026-04-23 N/A
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.
CVE-2008-2919 1 Gryphonllc 1 Gryphon Gllcts2 2026-04-23 N/A
SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2007-1024 1 Marcello Vitagliano 1 Meganoides News 2026-04-23 N/A
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.
CVE-2007-1025 1 Virtualsystem 1 Vs-link-partner 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter.
CVE-2007-1026 1 Scriptdungeon 1 Xlatunes 2026-04-23 N/A
SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information.
CVE-2007-1027 1 Ibm 1 Db2 2026-04-23 N/A
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
CVE-2007-1028 1 Barry Jaspan 1 Image Pager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element.
CVE-2007-1029 1 Quicksoft 1 Easymail Objects 2026-04-23 N/A
Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name.
CVE-2007-1030 1 Niels Provos 1 Libevent 2026-04-23 N/A
Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.
CVE-2007-1032 1 Phpmyfaq 1 Phpmyfaq 2026-04-23 N/A
Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."
CVE-2007-1033 1 Drupal 1 Secure Site Module 2026-04-23 N/A
Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL.
CVE-2007-1034 1 Php-nuke 1 Emporium Module 2026-04-23 N/A
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.