Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4312 1 Php Blue Dragon 1 Php Blue Dragon Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action.
CVE-2007-4314 1 Pixlie 1 Pixlie 2026-04-23 N/A
pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. NOTE: this can be leveraged for traffic amplification or other denial of service.
CVE-2007-4316 1 Zyxel 2 Zynos, Zywall 2 2026-04-23 N/A
The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions.
CVE-2007-4331 1 Ctw Design 1 Findnix 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page parameter.
CVE-2009-2296 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.
CVE-2007-4490 1 Trend Micro 1 Serverprotect 2026-04-23 N/A
Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGISTER_INFO.
CVE-2007-4492 1 Sun 1 Solaris 2026-04-23 N/A
Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123.
CVE-2007-4522 1 Ripe Website Manager 1 Ripe Website Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php. NOTE: some vectors might be reachable through the url and name parameters to (g) admin/navigation/new_nav_item.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS.
CVE-2007-2350 1 Freepbx 1 Freepbx 2026-04-23 N/A
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.
CVE-2007-4524 1 Phpress 1 Phpress 2026-04-23 N/A
PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
CVE-2007-4527 1 Phphq 1 Phuploader 2026-04-23 N/A
Unrestricted file upload vulnerability in phUploader.php in phphq.Net phUploader 1.2 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4530 1 Teamspeak 1 Web Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html.
CVE-2007-4531 1 Michal Marcinkowski 2 Soldat Dedicated Server, Soldat Game Server 2026-04-23 N/A
Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a client denial of service (crash) via (1) a long string to the file transfer port or (2) a long chat message, or (3) a server denial of service (continuous beep and slowdown) via a string containing many 0x07 or other control characters to the file transfer port.
CVE-2007-4538 1 Mozilla 1 Bugzilla 2026-04-23 N/A
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
CVE-2007-4658 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
CVE-2008-5697 2 Mozilla, Skype 2 Firefox, Skype Extension For Firefox 2026-04-23 N/A
The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.
CVE-2007-5277 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.
CVE-2007-5632 1 Sun 1 Solaris 2026-04-23 N/A
Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.
CVE-2007-5633 2 Almico, Microsoft 2 Speedfan, Windows Vista 2026-04-23 N/A
Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the (1) IOCTL_RDMSR 0x9C402438 and (2) IOCTL_WRMSR 0x9C40243C IOCTLs to \Device\speedfan, as demonstrated by an IOCTL_WRMSR action on MSR_LSTAR.
CVE-2007-5789 1 Grandstream 1 Ht488 2026-04-23 N/A
The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.