Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2259 | 1 Esforum | 1 Esforum | 2026-04-23 | N/A |
| SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter. | ||||
| CVE-2007-2261 | 1 Realink | 1 C-arbre | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721. | ||||
| CVE-2007-2265 | 1 Phpee | 1 Ya Book | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php. | ||||
| CVE-2007-2266 | 1 Progress | 1 Webspeed Messenger | 2026-04-23 | N/A |
| Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter. | ||||
| CVE-2007-2267 | 1 Sun | 1 Cluster | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1. | ||||
| CVE-2007-2268 | 1 Swsoft | 1 Plesk | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3. | ||||
| CVE-2007-2269 | 1 Swsoft | 1 Plesk | 2026-04-23 | N/A |
| Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter. | ||||
| CVE-2007-2270 | 1 Linksys | 1 Spa941 | 2026-04-23 | N/A |
| The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request. | ||||
| CVE-2007-2273 | 1 Alessandro Lulli | 1 Wavewoo | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/loading.php in Alessandro Lulli wavewoo 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter. | ||||
| CVE-2007-2278 | 1 Dcp-portal | 1 Dcp-portal | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the cfgfile_to_load parameter to admin/phpMyAdmin/libraries/common.lib.php. | ||||
| CVE-2007-2282 | 1 Cisco | 1 Netflow Collection Engine | 2026-04-23 | N/A |
| Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system. | ||||
| CVE-2007-2283 | 1 Freshdevices | 1 Freshview | 2026-04-23 | N/A |
| Buffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file. | ||||
| CVE-2007-2284 | 1 Abc-view | 1 Abc-view Manager | 2026-04-23 | N/A |
| Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file. | ||||
| CVE-2007-2287 | 1 Comus | 1 Comus | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | ||||
| CVE-2007-2288 | 1 Doruk100.net | 1 Doruk100net | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2007-2290 | 1 Cafelog | 1 B2 | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466. | ||||
| CVE-2007-2291 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute. | ||||
| CVE-2007-2293 | 1 Asterisk | 1 Asterisk | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE. | ||||
| CVE-2007-2294 | 1 Asterisk | 1 Asterisk | 2026-04-23 | N/A |
| The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. | ||||
| CVE-2007-2297 | 1 Asterisk | 1 Asterisk | 2026-04-23 | N/A |
| The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). | ||||