Export limit exceeded: 29926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2638 | 1 Efilecabinet | 1 Efilecabinet | 2026-04-23 | N/A |
| eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures. | ||||
| CVE-2007-2640 | 1 Heiko Stamer | 1 Libtmcg | 2026-04-23 | N/A |
| LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards. | ||||
| CVE-2007-2641 | 1 W1l3d4 | 1 Philboard | 2026-04-23 | N/A |
| SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter, a different vector than CVE-2007-0920. | ||||
| CVE-2007-2646 | 1 Yenc32 | 1 Yenc32 | 2026-04-23 | N/A |
| Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted remote attackers to execute arbitrary code via a long filename in an NTX file. | ||||
| CVE-2007-2647 | 1 Monalbum | 1 Monalbum | 2026-04-23 | N/A |
| Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter. | ||||
| CVE-2007-2649 | 1 T-com | 1 Speedport W 700v | 2026-04-23 | N/A |
| Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script. | ||||
| CVE-2007-2651 | 1 Voodoo Circle | 1 Voodoo Circle | 2026-04-23 | N/A |
| Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets. | ||||
| CVE-2007-2657 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2026-04-23 | N/A |
| Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method. | ||||
| CVE-2007-2658 | 1 Id Automation | 1 Linear Barcode | 2026-04-23 | N/A |
| Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ActiveX control in IDAutomationLinear6.dll allows remote attackers to cause a denial of service via a long argument to the SaveEnhWMF method. | ||||
| CVE-2007-2660 | 2 Cjg Explorer Pro, Vincent Blavet | 2 Cjg Explorer Pro, Phpconcept Library | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199 | ||||
| CVE-2007-2661 | 1 Drumster | 1 Blogme | 2026-04-23 | N/A |
| SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976. | ||||
| CVE-2007-0069 | 1 Microsoft | 3 Windows 2003 Server, Windows Vista, Windows Xp | 2026-04-23 | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability." | ||||
| CVE-2007-2670 | 1 Globalmegacorp | 1 Phpchain | 2026-04-23 | N/A |
| PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations. | ||||
| CVE-2007-2672 | 1 Thinc4orce Marketing Group | 1 Php Coupon Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page. | ||||
| CVE-2007-2674 | 1 Pre Projects | 1 Pre Shopping Mall | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter. | ||||
| CVE-2007-2677 | 1 Phpchess | 1 Phpchess | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php. | ||||
| CVE-2007-2678 | 1 Netsprint | 1 Netsprint Toolbar | 2026-04-23 | N/A |
| Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-2680 | 1 Canon | 3 Network Camera Server Vb100, Network Camera Server Vb101, Network Camera Server Vb150 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-2681 | 1 B2evolution | 1 B2evolution | 2026-04-23 | N/A |
| Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter. | ||||
| CVE-2007-2685 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter. | ||||