Search Results (363898 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4178 1 Amg Soft 1 Webdirector 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter.
CVE-2007-4181 1 Pluck 1 Pluck 2026-04-23 N/A
PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request
CVE-2007-4059 1 Vmware 1 Workstation 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.
CVE-2007-4054 1 Php123 1 Top Sites 2026-04-23 N/A
SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-4052 1 Nukedit 1 Nukedit 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4047 1 Geoblog 1 Geoblog 2026-04-23 N/A
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
CVE-2007-4244 1 Joomla 1 J Reactions 2026-04-23 N/A
PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.
CVE-2007-4045 3 Apple, Fedoraproject, Redhat 3 Cups, Fedora, Enterprise Linux 2026-04-23 N/A
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.
CVE-2007-4003 1 Ibm 1 Aix 2026-04-23 N/A
pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.
CVE-2008-2688 1 Pilotcart 1 Pilot Cart 2026-04-23 N/A
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.
CVE-2007-4008 1 Entertainment Cms 1 Entertainment Cms 2026-04-23 N/A
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.
CVE-2008-2689 1 Browsercrm 1 Browsercrm 2026-04-23 N/A
PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter.
CVE-2007-4009 1 Parallels 1 Confixx 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.
CVE-2007-4010 1 Php 1 Php 2026-04-23 N/A
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
CVE-2008-1448 1 Microsoft 2 Outlook Express, Windows Mail 2026-04-23 N/A
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
CVE-2007-4018 1 Citrix 1 Access Gateway 2026-04-23 N/A
Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
CVE-2007-4023 1 Aruba 1 Mobility Controller 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-4025 1 Sun 1 Java System Application Server 2026-04-23 N/A
Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.
CVE-2007-4233 1 Camera Life 1 Camera Life 2026-04-23 N/A
Multiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors.
CVE-2007-4026 1 Telaxus Llc 1 Epesi 2026-04-23 N/A
epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information.