Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2014 1 Mynews 1 Mynews 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633.
CVE-2007-2015 1 Request It 1 Request It 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
CVE-2007-2016 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
CVE-2007-2017 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request.
CVE-2007-2018 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2007-2019 1 Tomex 1 Phpgalleryscript 2026-04-23 N/A
PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.
CVE-2007-2020 1 Xodagallery 1 Xodagallery 2026-04-23 9.8 Critical
Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion
CVE-2007-2021 1 Pineapple Technologies 1 Lore 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4.
CVE-2007-2023 1 Secustick 1 Secustick Usb Flash Drive 2026-04-23 N/A
USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function.
CVE-2007-2024 1 Phpwiki 1 Phpwiki 2026-04-23 N/A
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
CVE-2007-2025 1 Phpwiki 1 Phpwiki 2026-04-23 N/A
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
CVE-2007-2026 2 Amavis, Gentoo 2 Virus Scanner, File 2026-04-23 N/A
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
CVE-2007-2028 2 Freeradius, Redhat 2 Freeradius, Enterprise Linux 2026-04-23 N/A
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
CVE-2007-2289 1 Alexscriptengine 1 Download-engine 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW.
CVE-2007-2290 1 Cafelog 1 B2 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466.
CVE-2007-2291 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.
CVE-2007-2293 1 Asterisk 1 Asterisk 2026-04-23 N/A
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
CVE-2007-2294 1 Asterisk 1 Asterisk 2026-04-23 N/A
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
CVE-2007-2297 1 Asterisk 1 Asterisk 2026-04-23 N/A
The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).
CVE-2007-2298 1 Gforge 1 Garennes 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/.