Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5826 1 Edraw 1 Flowchart Activex 2026-04-23 N/A
Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.
CVE-2007-5827 2 Debian, Iscsitarget 2 Debian Linux, Iscsitarget 2026-04-23 N/A
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.
CVE-2007-5828 1 Django Project 1 Django 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module
CVE-2007-5829 1 Symantec 2 Norton Antivirus, Norton Internet Security 2026-04-23 N/A
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.
CVE-2007-5830 1 Avaya 2 Message Networking, Messaging Storage Server 2026-04-23 N/A
Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."
CVE-2007-5831 1 Ssl-explorer 1 Ssl-explorer 2026-04-23 N/A
Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-5832 1 Ssl-explorer 1 Ssl-explorer 2026-04-23 N/A
Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information.
CVE-2007-5833 1 Bosdev 1 Bosmarket Business Directory System 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post.
CVE-2007-5834 1 Bosdev 1 Bosnews 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post.
CVE-2007-5835 1 Bosdev 1 Bosnews 2026-04-23 N/A
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.
CVE-2007-5836 1 Afcommerce 1 Afcommerce 2026-04-23 N/A
SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5837 1 Yarssr 1 Yarssr 2026-04-23 N/A
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed.
CVE-2007-5838 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380.
CVE-2007-5839 1 Bitchx 1 Bitchx 2026-04-23 N/A
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.
CVE-2007-5840 1 Syndeocms 1 Syndeocms 2026-04-23 N/A
PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2.
CVE-2007-5841 1 Nuboard 1 Nuboard 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
CVE-2007-5842 1 Vortex Portal 1 Vortex Portal 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php.
CVE-2007-5843 1 Scwiki 1 Scwiki 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter.
CVE-2007-5844 1 Guppy 1 Guppy 2026-04-23 N/A
Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter.
CVE-2007-5845 1 Guppy 1 Guppy 2026-04-23 N/A
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.