Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2275 | 1 Hp | 3 Storageworks Command View, Storageworks Replication Monitor, Storageworks Tiered Storage Manager | 2026-04-23 | N/A |
| Unspecified vulnerability in HP StorageWorks Command View Advanced Edition for XP before 5.6.0-01, XP Replication Monitor before 5.6.0-01, and XP Tiered Storage Manager before 5.5.0-02 allows local users to access other accounts via unspecified vectors during registration or addition of new users. | ||||
| CVE-2007-2285 | 1 Jack Slocum | 1 Ext Js | 2026-04-23 | N/A |
| Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent. | ||||
| CVE-2007-2284 | 1 Abc-view | 1 Abc-view Manager | 2026-04-23 | N/A |
| Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file. | ||||
| CVE-2007-2287 | 1 Comus | 1 Comus | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | ||||
| CVE-2007-2290 | 1 Cafelog | 1 B2 | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466. | ||||
| CVE-2007-2310 | 1 Bloofoxcms | 1 Bloofoxcms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. | ||||
| CVE-2007-2311 | 1 Bloofoxcms | 1 Bloofoxcms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use | ||||
| CVE-2007-2316 | 1 Open Business Management | 1 Open Business Management | 2026-04-23 | N/A |
| Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser." | ||||
| CVE-2007-2317 | 2 Minibb, Tosmo Mambo | 2 Minibb, Tosmo Mambo | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690. | ||||
| CVE-2007-2327 | 1 Labs4 | 1 Htmleditbox | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter. | ||||
| CVE-2007-2329 | 1 Searchactivity | 1 Searchactivity | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2007-2343 | 1 Enterasys | 2 Netsight Console, Netsight Inventory Manager | 2026-04-23 | N/A |
| Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names. | ||||
| CVE-2007-2344 | 1 Enterasys | 2 Netsight Console, Netsight Inventory Manager | 2026-04-23 | N/A |
| The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field. | ||||
| CVE-2007-2351 | 1 Hp | 2 Hp-ux, Power Manager Remote Agent | 2026-04-23 | N/A |
| Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-2352 | 1 Afflib | 1 Afflib | 2026-04-23 | N/A |
| Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed. | ||||
| CVE-2007-2360 | 1 Symantec | 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more | 2026-04-23 | N/A |
| Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key. | ||||
| CVE-2007-2363 | 1 Irfanview | 1 Irfanview | 2026-04-23 | N/A |
| Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file. | ||||
| CVE-2007-2393 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. | ||||
| CVE-2007-2372 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2026-04-23 | N/A |
| admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/. | ||||
| CVE-2007-2384 | 1 Script.aculo.us | 1 Script.aculo.us | 2026-04-23 | N/A |
| The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | ||||