Export limit exceeded: 353032 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29935 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3494 | 1 Papoo | 1 Papoo | 2026-04-23 | N/A |
| Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact. | ||||
| CVE-2007-3495 | 1 Sap | 2 Sap Basis Component 640, Sap Basis Component 700 | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page. | ||||
| CVE-2007-3496 | 1 Sap | 4 Netweaver Nw04, Netweaver Nw04s, Sap Basis Component 640 and 1 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | ||||
| CVE-2007-3497 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable. | ||||
| CVE-2007-3498 | 1 Htmlpurifier | 1 Htmlpurifier | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output." | ||||
| CVE-2007-3499 | 1 Slackroll | 1 Slackroll | 2026-04-23 | N/A |
| SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures. | ||||
| CVE-2007-3502 | 1 Kaspersky Lab | 1 Kaspersky Anti-spam | 2026-04-23 | N/A |
| Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories. | ||||
| CVE-2007-3505 | 1 Qt-cute | 1 Quicktalk Forum | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php. | ||||
| CVE-2007-3506 | 1 Freetype | 1 Freetype | 2026-04-23 | N/A |
| The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." | ||||
| CVE-2007-3507 | 1 Flac123 | 1 Flac123 | 2026-04-23 | N/A |
| Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length. | ||||
| CVE-2007-3509 | 1 Symantec | 1 Veritas Backup Exec | 2026-04-23 | N/A |
| Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests. | ||||
| CVE-2007-3511 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. | ||||
| CVE-2007-3512 | 1 Wakwak | 1 Lhaca File Archiver | 2026-04-23 | N/A |
| Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375. | ||||
| CVE-2007-3513 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). | ||||
| CVE-2007-3514 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. | ||||
| CVE-2007-3515 | 1 Sweetphp | 1 Totalcalendar | 2026-04-23 | N/A |
| SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3517 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts. | ||||
| CVE-2007-3518 | 1 Hispah | 1 Youtube Clone Script | 2026-04-23 | N/A |
| SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3519 | 1 Wesmo | 1 Phpeventcalendar | 2026-04-23 | N/A |
| SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3520 | 1 Easybe | 1 1-2-3 Music Store | 2026-04-23 | N/A |
| SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | ||||