Export limit exceeded: 357144 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29942 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29942 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0786 | 1 Noname Media | 1 Photo Galerie Standard | 2026-04-23 | N/A |
| SQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0796 | 1 Bluecoat | 1 Winproxy | 2026-04-23 | N/A |
| Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption. | ||||
| CVE-2007-0805 | 1 Hp | 1 Tru64 | 2026-04-23 | N/A |
| The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. | ||||
| CVE-2007-0815 | 1 Uapplication | 1 Uphotogallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023. | ||||
| CVE-2007-0823 | 1 Slackware | 1 Slackware Linux | 2026-04-23 | N/A |
| xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. | ||||
| CVE-2007-0833 | 1 Vmware | 1 Workstation | 2026-04-23 | N/A |
| VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system. | ||||
| CVE-2007-0841 | 1 Vbdrupal | 1 Vbdrupal | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers. | ||||
| CVE-2007-0849 | 1 Syscp Team | 1 Syscp | 2026-04-23 | N/A |
| scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568. | ||||
| CVE-2007-0860 | 1 Laboratory For Optical And Computational Instrumentation | 1 Local Calendar System | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php, (h) resetpassword.php, (i) signup.php, showmonth.php, (j) showday.php, showevents.php, and lookup_userid.php. NOTE: this issue has been disputed by a third party, who states that the associated variables are set in config.php before use | ||||
| CVE-2007-0867 | 1 Site-assistant | 1 Site-assistant | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter. | ||||
| CVE-2007-1416 | 1 Jccorp | 1 Urlshrink | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter. | ||||
| CVE-2007-1423 | 1 Work System E-commerce | 1 Work System E-commerce | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts. | ||||
| CVE-2007-1435 | 1 D-link | 1 Tftp Server | 2026-04-23 | N/A |
| Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1448 | 1 Broadcom | 1 Brightstor Arcserve Backup | 2026-04-23 | N/A |
| The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function. | ||||
| CVE-2007-1454 | 1 Php | 1 Php | 2026-04-23 | N/A |
| ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b. | ||||
| CVE-2007-1464 | 1 Inkscape | 1 Inkscape | 2026-04-23 | N/A |
| Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-1485 | 1 Ftplib | 1 Ftplib | 2026-04-23 | N/A |
| Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments | ||||
| CVE-2007-1494 | 1 Nukescripts | 1 Nukesentinel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://". | ||||
| CVE-2007-1504 | 1 Fujitsu | 2 Interstage Application Server, Interstage Apworks | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes. | ||||
| CVE-2007-1514 | 1 Viperweb | 1 Portal | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter. | ||||