Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2709 | 1 Nagiosql | 1 Nagiosql 2005 | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter. | ||||
| CVE-2007-2708 | 1 Feindt Computerservice | 1 News-script | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | ||||
| CVE-2007-2707 | 1 Linksnet | 1 Newsfeed | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter. | ||||
| CVE-2007-2706 | 1 Geeklog | 1 Media Gallery | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter. | ||||
| CVE-2007-2705 | 1 Bea | 2 Weblogic Integration, Weblogic Workshop | 2026-04-23 | N/A |
| Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors. | ||||
| CVE-2007-2704 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket. | ||||
| CVE-2007-2703 | 1 Oracle | 1 Weblogic Portal | 2026-04-23 | N/A |
| BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources. | ||||
| CVE-2007-2700 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information. | ||||
| CVE-2007-2699 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files. | ||||
| CVE-2007-2698 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information. | ||||
| CVE-2007-2697 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service. | ||||
| CVE-2007-2696 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server. | ||||
| CVE-2006-6964 | 1 Mailenable | 1 Mailenable Professional | 2026-04-23 | N/A |
| MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. | ||||
| CVE-2007-2694 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-2691 | 4 Canonical, Debian, Mysql and 1 more | 5 Ubuntu Linux, Debian Linux, Mysql and 2 more | 2026-04-23 | N/A |
| MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | ||||
| CVE-2007-2689 | 1 Checkpoint | 1 Web Intelligence | 2026-04-23 | N/A |
| Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | ||||
| CVE-2007-2688 | 1 Cisco | 2 Ios, Ips Sensor Software | 2026-04-23 | N/A |
| The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | ||||
| CVE-2007-2684 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message. | ||||
| CVE-2007-2682 | 2 Adobe, Apple | 2 Creative Suite, Mac Os X | 2026-04-23 | N/A |
| The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules. | ||||
| CVE-2007-2681 | 1 B2evolution | 1 B2evolution | 2026-04-23 | N/A |
| Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter. | ||||