Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3260 | 1 Hp | 1 System Management Homepage | 2026-04-23 | N/A |
| HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. | ||||
| CVE-2007-3261 | 1 Dkret | 1 Dkret | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in widgets/widget_search.php in dKret before 2.6 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2007-3266 | 1 Ifnet | 1 Webif.cgi | 2026-04-23 | N/A |
| Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the outconfig parameter. | ||||
| CVE-2007-3267 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235. | ||||
| CVE-2007-3282 | 1 Microsoft | 2 Office, Office Msodatasourcecontrol Activex | 2026-04-23 | N/A |
| Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method. | ||||
| CVE-2007-3283 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console. | ||||
| CVE-2007-3290 | 1 Livecms | 1 Livecms | 2026-04-23 | N/A |
| categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message. | ||||
| CVE-2007-3311 | 1 Xoops | 1 Articles Module | 2026-04-23 | N/A |
| SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3300 | 1 F-secure | 6 F-secure Anti-virus, F-secure Anti-virus Linux Client Security, F-secure Anti-virus Linux Server Security and 3 more | 2026-04-23 | N/A |
| Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive. | ||||
| CVE-2007-3302 | 2 Broadcom, Ca | 2 Etrust Intrusion Detection, Etrust Intrusion Detection | 2026-04-23 | N/A |
| The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions." | ||||
| CVE-2007-3316 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | N/A |
| Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. | ||||
| CVE-2007-3317 | 1 Avaya | 1 One-x | 2026-04-23 | N/A |
| The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message. | ||||
| CVE-2007-3323 | 1 Comersus Open Technologies | 1 Comersus Cart | 2026-04-23 | N/A |
| SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2. | ||||
| CVE-2007-3325 | 1 Lms | 1 Lan Management System | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205. | ||||
| CVE-2007-3332 | 1 Php-nuke | 1 Satel Lite | 2026-04-23 | N/A |
| Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action. | ||||
| CVE-2007-3335 | 1 Phpecho Cms | 1 Phpecho Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-3355 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3356 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2026-04-23 | N/A |
| NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) via certain requests that reveal the table name and complete query, related to the Halt_On_Error setting in Mysql_db.php. | ||||
| CVE-2007-3367 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3370 | 1 Kim Kyoung Min | 1 Sun Board | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php. | ||||