Export limit exceeded: 362962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362962 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2148 1 Stephen Craton 1 Chatness 2026-04-23 N/A
Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
CVE-2007-2149 1 Stephen Craton 1 Chatness 2026-04-23 N/A
Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php.
CVE-2007-2152 1 Mcafee 1 Virusscan Enterprise 2026-04-23 N/A
Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters.
CVE-2007-2154 1 Cabron Connector 1 Cabron Connector 2026-04-23 N/A
PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter.
CVE-2007-2153 1 Atmail 1 Atmail Webmail 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2007-2155 1 Phpfaber 1 Topsites 2026-04-23 N/A
Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php.
CVE-2007-2157 1 Zomplog 1 Zomplog 2026-04-23 N/A
Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-2158 1 Kooijman-design 1 Jgallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter.
CVE-2007-2167 1 Aimstats 1 Aimstats 2026-04-23 N/A
Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.
CVE-2007-2161 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
CVE-2007-2168 1 Aimstats 1 Aimstats 2026-04-23 N/A
Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2173 2 Double Precision Incorporated, Gentoo 2 Courier-imap, Linux 2026-04-23 N/A
Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
CVE-2007-2174 1 Checkpoint 1 Zonealarm 2026-04-23 N/A
The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.
CVE-2007-2175 1 Apple 1 Safari 2026-04-23 N/A
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
CVE-2007-2176 1 Mozilla 1 Firefox 2026-04-23 N/A
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.
CVE-2007-2180 1 Nullsoft 1 Winamp 2026-04-23 N/A
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
CVE-2007-2184 1 Jchit 1 Counter 2026-04-23 N/A
Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter.
CVE-2007-2177 1 Microgaming 1 Download Helper Activex Control 2026-04-23 N/A
Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-2179 1 Raiden Professional Servers 1 Raidenftpd 2026-04-23 N/A
Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference.
CVE-2007-2181 1 Webinsta 1 Fm Manager 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748.