Export limit exceeded: 353033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29935 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1350 | 1 Novell | 1 Netmail | 2026-04-23 | N/A |
| Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication. | ||||
| CVE-2007-1367 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. | ||||
| CVE-2006-4578 | 1 The Address Book | 1 The Address Book | 2026-04-23 | N/A |
| export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2007-1622 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. | ||||
| CVE-2007-1624 | 1 Realguestbook | 1 Realguestbook | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1625 | 1 Realguestbook | 1 Realguestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data. | ||||
| CVE-2007-1630 | 1 Active Web Softwares | 1 Active Link Engine | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-1631 | 1 Clbox | 1 Clbox | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use | ||||
| CVE-2007-1634 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2026-04-23 | N/A |
| Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation. | ||||
| CVE-2007-1635 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2026-04-23 | N/A |
| Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php. | ||||
| CVE-2007-1639 | 1 Phpprojekt | 1 Phpprojekt | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management module, or possibly unspecified other files. | ||||
| CVE-2007-1640 | 1 Classweb | 1 Classweb | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php. | ||||
| CVE-2007-1644 | 1 Microsoft | 1 All Windows | 2026-04-23 | N/A |
| The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution). | ||||
| CVE-2007-1645 | 2 Futuresoft, Microsoft | 2 Tftp Server 2000, Windows 2000 | 2026-04-23 | N/A |
| Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812. | ||||
| CVE-2007-1648 | 1 Dev0.de | 1 0irc | 2026-04-23 | N/A |
| 0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference. | ||||
| CVE-2007-1649 | 1 Php | 1 Php | 2026-04-23 | N/A |
| PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed. | ||||
| CVE-2007-1651 | 1 Openid | 1 Openid | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site. | ||||
| CVE-2007-1652 | 1 Openid | 1 Openid | 2026-04-23 | N/A |
| OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens. | ||||
| CVE-2007-1657 | 1 Python Software Foundation | 1 Python | 2026-04-23 | N/A |
| Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. | ||||
| CVE-2007-1658 | 1 Microsoft | 1 Windows Vista | 2026-04-23 | N/A |
| Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe). | ||||