Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1998 1 Hiox India 1 Guest Book 2026-04-23 N/A
Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.
CVE-2007-1999 1 Nazarkin.name 1 Weatimages 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.
CVE-2007-2001 1 Crea-book 1 Crea-book 2026-04-23 N/A
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.
CVE-2007-2003 1 Inoutmailinglistmanager 1 Inoutmailinglistmanager 2026-04-23 N/A
InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.
CVE-2007-2004 1 Inoutmailinglistmanager 1 Inoutmailinglistmanager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.
CVE-2007-2006 1 Pl-php 1 Pl-php 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter.
CVE-2007-2007 1 Pl-php 1 Pl-php 2026-04-23 N/A
admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.
CVE-2007-2008 1 Pl-php 1 Pl-php 2026-04-23 N/A
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2007-2009 1 Simpcms 1 Simpcms 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
CVE-2007-2023 1 Secustick 1 Secustick Usb Flash Drive 2026-04-23 N/A
USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function.
CVE-2007-2024 1 Phpwiki 1 Phpwiki 2026-04-23 N/A
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
CVE-2007-2025 1 Phpwiki 1 Phpwiki 2026-04-23 N/A
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
CVE-2007-2026 2 Amavis, Gentoo 2 Virus Scanner, File 2026-04-23 N/A
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
CVE-2007-2028 2 Freeradius, Redhat 2 Freeradius, Enterprise Linux 2026-04-23 N/A
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
CVE-2007-2030 1 Redhat 2 Enterprise Linux, Fedora Core 2026-04-23 N/A
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
CVE-2007-2031 1 3proxy 1 3proxy 2026-04-23 N/A
Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.
CVE-2007-2033 1 Cisco 1 Wireless Control System 2026-04-23 N/A
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.
CVE-2007-2035 1 Cisco 1 Wireless Control System 2026-04-23 N/A
Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301.
CVE-2007-2040 1 Cisco 3 Aironet 1000-series, Aironet 1500-series, Wireless Lan Controller Software 2026-04-23 N/A
Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.
CVE-2007-2041 1 Cisco 2 2100 Wireless Lan Controller, 4400 Wireless Lan Controller 2026-04-23 N/A
Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.