Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0828 | 1 Mysqlnewsengine | 1 Mysqlnewsengine | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter. | ||||
| CVE-2007-0829 | 1 Alwil | 1 Avast Antivirus | 2026-04-23 | N/A |
| avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements. | ||||
| CVE-2007-0832 | 1 Vmware | 1 Workstation | 2026-04-23 | N/A |
| VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems. | ||||
| CVE-2007-1369 | 1 Zend | 1 Zend Platform | 2026-04-23 | N/A |
| ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc. | ||||
| CVE-2007-1380 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Application Stack and 1 more | 2026-04-23 | N/A |
| The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. | ||||
| CVE-2007-1390 | 1 Dynaliens | 1 Dynaliens | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3. | ||||
| CVE-2007-1392 | 1 Netforo | 1 Netforo | 2026-04-23 | N/A |
| Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter. | ||||
| CVE-2007-1393 | 1 Geo Soft | 1 Magic Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2007-1397 | 1 Fish | 1 Fish | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | ||||
| CVE-2007-1400 | 1 Plesh | 1 Plesh | 2026-04-23 | N/A |
| Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl. | ||||
| CVE-2007-1401 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function. | ||||
| CVE-2008-0236 | 1 Microsoft | 1 Visual Foxpro | 2026-04-23 | N/A |
| An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method. | ||||
| CVE-2007-1405 | 1 Edgewall Software | 1 Trac | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2007-1409 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. | ||||
| CVE-2007-1412 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument. | ||||
| CVE-2007-1414 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php. | ||||
| CVE-2007-1418 | 1 Mindtouch | 1 Dekiwiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2007-1421 | 1 Premod Subdog | 1 Premod Subdog | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/. | ||||
| CVE-2007-1422 | 1 Duyuru Scripti | 1 Duyuru Scripti | 2026-04-23 | N/A |
| SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688. | ||||
| CVE-2007-1423 | 1 Work System E-commerce | 1 Work System E-commerce | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts. | ||||