Export limit exceeded: 363303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2225 1 Microsoft 5 Outlook Express, Windows 2003 Server, Windows Mail and 2 more 2026-04-23 N/A
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
CVE-2007-2227 1 Microsoft 5 Outlook Express, Windows 2003 Server, Windows Mail and 2 more 2026-04-23 N/A
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
CVE-2007-2233 1 Cosign 1 Cosign 2026-04-23 N/A
cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.
CVE-2007-2235 1 Punbb 1 Punbb 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
CVE-2007-2236 1 Punbb 1 Punbb 2026-04-23 N/A
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.
CVE-2007-2234 1 Punbb 1 Punbb 2026-04-23 N/A
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.
CVE-2007-2239 1 Axis 10 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 7 more 2026-04-23 N/A
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
CVE-2007-2240 1 Lenovo 2 Access Support, Automated Solutions 2026-04-23 N/A
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.
CVE-2007-2241 1 Isc 1 Bind 2026-04-23 N/A
Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
CVE-2007-2271 1 Rajneel Lal Totaram 1 Usp Foss Distribution 2026-04-23 N/A
Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter.
CVE-2007-2249 1 Phorum 1 Phorum 2026-04-23 N/A
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
CVE-2007-2252 1 Exponent 1 Exponent Cms 2026-04-23 N/A
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.
CVE-2007-2257 1 Fully Modded Phpbb 1 Fully Modded Phpbb2 2026-04-23 N/A
PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-2258 1 Phpmybibli 1 Phpmybibli 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
CVE-2007-2259 1 Esforum 1 Esforum 2026-04-23 N/A
SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter.
CVE-2007-2268 1 Swsoft 1 Plesk 2026-04-23 N/A
Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.
CVE-2007-2269 1 Swsoft 1 Plesk 2026-04-23 N/A
Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter.
CVE-2007-2270 1 Linksys 1 Spa941 2026-04-23 N/A
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
CVE-2007-2272 1 Advanced Webhost Billing System 1 Advanced Webhost Billing System 2026-04-23 N/A
PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.php in Advanced Webhost Billing System (AWBS) 2.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the workdir parameter.
CVE-2007-2278 1 Dcp-portal 1 Dcp-portal 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the cfgfile_to_load parameter to admin/phpMyAdmin/libraries/common.lib.php.