Export limit exceeded: 359662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1131 | 1 Scripter.ch | 1 Sinapis Forum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | ||||
| CVE-2007-1222 | 2 Apple, Parallels | 2 Mac Os X, Parallels Desktop | 2026-04-23 | N/A |
| Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. | ||||
| CVE-2007-1224 | 1 Grok Developments | 1 Netproxy | 2026-04-23 | N/A |
| Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80). | ||||
| CVE-2007-1242 | 1 Audins Audiens | 1 Audins Audiens | 2026-04-23 | N/A |
| SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1243 | 1 Audins Audiens | 1 Audins Audiens | 2026-04-23 | N/A |
| Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1329 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2026-04-23 | N/A |
| Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences. | ||||
| CVE-2007-1379 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code. | ||||
| CVE-2007-1382 | 2 Microsoft, Php | 2 All Windows, Com Extensions | 2026-04-23 | N/A |
| The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode. | ||||
| CVE-2007-1343 | 1 Webcalendar | 1 Webcalendar | 2026-04-23 | N/A |
| includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues. | ||||
| CVE-2007-1385 | 1 Joris Guisson | 1 Ktorrent | 2026-04-23 | N/A |
| chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value. | ||||
| CVE-2007-1387 | 1 Mplayer | 1 Mplayer | 2026-04-23 | N/A |
| The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246. | ||||
| CVE-2007-1477 | 1 Oscommerce | 1 Php Point Of Sale | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation | ||||
| CVE-2007-1479 | 1 Creative Guestbook | 1 Creative Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | ||||
| CVE-2007-1485 | 1 Ftplib | 1 Ftplib | 2026-04-23 | N/A |
| Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments | ||||
| CVE-2007-1486 | 1 Carbonize | 1 Lazarus Guestbook | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability. | ||||
| CVE-2007-1491 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2026-04-23 | N/A |
| Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. | ||||
| CVE-2007-1493 | 1 Nukescripts | 1 Nukesentinel | 2026-04-23 | N/A |
| nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172. | ||||
| CVE-2007-1496 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. | ||||
| CVE-2007-1591 | 1 Trend Micro | 1 Trend Micro Antivirus | 2026-04-23 | N/A |
| VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error. | ||||
| CVE-2007-1604 | 1 W-agora | 1 W-agora | 2026-04-23 | N/A |
| Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg. | ||||