Search Results (362544 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5780 1 Telematic Lab 1 Teatro 2026-04-23 N/A
PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
CVE-2007-5781 1 Sige 1 Sige 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.
CVE-2007-5783 1 Emagic-cms 1 Emagic Cms.net 2026-04-23 N/A
SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
CVE-2007-5784 1 Caupo.net 1 Cauposhop Pro 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
CVE-2007-5785 1 Jobsiteprofessional 1 Jobsite Professional 2026-04-23 N/A
SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-5786 1 A-enterprise 1 Gosamba 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php.
CVE-2007-5787 1 Phptoys 1 Micro Login System 2026-04-23 N/A
Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt.
CVE-2007-5788 1 Grandstream 1 Ht488 2026-04-23 N/A
Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message.
CVE-2007-5789 1 Grandstream 1 Ht488 2026-04-23 N/A
The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.
CVE-2007-5790 1 Globe7 1 Globe7 2026-04-23 N/A
The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.
CVE-2007-5791 1 Vonage 1 Motorola Phone Adapter Vt2142-vd 2026-04-23 N/A
The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.
CVE-2007-5792 1 Vonage 1 Motorola Phone Adapter Vt2142-vd 2026-04-23 N/A
The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.
CVE-2007-5793 1 Stonesoft 1 Stonegate Ips 2026-04-23 N/A
Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection.
CVE-2007-5794 2 Nss Ldap, Redhat 2 Nss Ldap, Enterprise Linux 2026-04-23 N/A
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
CVE-2007-5795 2 Debian, Gnu 2 Debian Linux, Emacs 2026-04-23 N/A
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
CVE-2007-5796 1 Symantec 2 Proxysg, Proxysg Firmware 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.
CVE-2007-5797 1 Apache 1 Geronimo 2026-04-23 N/A
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
CVE-2007-5798 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.
CVE-2007-5799 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.
CVE-2007-5800 2 Tom Willmot, Wordpress 2 Backupwordpress Plugin, Wordpress 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.