Export limit exceeded: 362462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2592 1 Nokia 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.
CVE-2007-2593 1 Microsoft 2 Terminal Server, Windows 2003 Server 2026-04-23 N/A
The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
CVE-2007-2596 1 Agner Fog 1 Aforum 2026-04-23 N/A
PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.
CVE-2007-2638 1 Efilecabinet 1 Efilecabinet 2026-04-23 N/A
eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures.
CVE-2007-2598 1 Simplenews 1 Simplenews 2026-04-23 N/A
SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
CVE-2007-2599 1 Wavelink Media 1 Tutorialcms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
CVE-2007-2603 1 Audio Cd Tools 1 Audio Cd Ripper Ocx 2026-04-23 N/A
Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors.
CVE-2007-2639 1 Prosysinfo 1 Tftp Server Tftpdwin 2026-04-23 N/A
Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors.
CVE-2007-2640 1 Heiko Stamer 1 Libtmcg 2026-04-23 N/A
LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards.
CVE-2007-2605 1 Brujula Toolbar 1 Brujula Toolbar 2026-04-23 N/A
Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments.
CVE-2007-2642 1 R2k 1 R2k Gallery 2026-04-23 N/A
Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.
CVE-2007-2613 1 Wikkawiki 1 Wikkawiki 2026-04-23 N/A
WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.
CVE-2007-2409 1 Apple 3 Mac Os X, Mac Os X Server, Webcore 2026-04-23 N/A
Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window.
CVE-2007-2615 1 Crie Sue 1 Phplojafacil 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php.
CVE-2007-2618 1 Drake Team 1 Drake Cms 2026-04-23 N/A
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
CVE-2007-2621 1 Extrovert Software 1 Thyme Calndar 2026-04-23 N/A
SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.
CVE-2007-2411 1 Sphider 1 Sphider 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue.
CVE-2007-2623 1 Fruit2004 1 Remote Display Development Kit 2026-04-23 N/A
Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll.
CVE-2009-1659 1 Intelliants 1 Elitius 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/.
CVE-2009-1663 1 Easy-scripts 1 Answer And Question Script 2026-04-23 N/A
Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory.