Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1424 1 Softnews Media Group 1 Datalife Engine 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third party information.
CVE-2007-1425 1 Triexa 1 Sonicmailer Pro 2026-04-23 N/A
SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.
CVE-2007-1427 1 Assetman 1 Assetman 2026-04-23 N/A
Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.
CVE-2007-1428 1 Php Labs 1 Jobsitepro 2026-04-23 N/A
SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter.
CVE-2007-1429 1 Moodle 1 Moodle 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php.
CVE-2007-1430 1 Clip-share 1 Clipshare 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter.
CVE-2007-1431 1 Pennmush 1 Pennmush 2026-04-23 N/A
Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2 before 1.8.2p3 allow attackers to cause a denial of service (crash) related to the (1) speak and (2) buy functions.
CVE-2007-1432 1 Grayscale 1 Grayscale Blog 2026-04-23 N/A
Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.
CVE-2007-1433 1 Grayscale 1 Grayscale Blog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.
CVE-2007-1434 1 Grayscale 1 Grayscale Blog 2026-04-23 N/A
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.
CVE-2007-1435 1 D-link 1 Tftp Server 2026-04-23 N/A
Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1436 2 Ledgersmb, Sql-ledger 2 Ledgersmb, Sql-ledger 2026-04-23 N/A
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.
CVE-2007-1437 2 Ledgersmb, Sql-ledger 2 Ledgersmb, Sql-ledger 2026-04-23 N/A
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.
CVE-2007-1438 1 X-ice 1 News System 2026-04-23 N/A
SQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1439 1 Bitesser 1 Mysql Commander 2026-04-23 N/A
PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.
CVE-2007-1440 1 Jgbbs 1 Jgbbs 2026-04-23 N/A
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter.
CVE-2007-1442 1 Oracle 1 Database Server 2026-04-23 N/A
Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.
CVE-2007-1445 1 Betaparticle 1 Betaparticle Blog 2026-04-23 N/A
SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.
CVE-2007-1447 1 Broadcom 1 Brightstor Arcserve Backup 2026-04-23 N/A
The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076.
CVE-2007-1448 1 Broadcom 1 Brightstor Arcserve Backup 2026-04-23 N/A
The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.