Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0609 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-23 N/A
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.
CVE-2007-0610 1 Cmsmadesimple 1 Cms Made Simple 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-4807 1 Enlightenment 1 Imlib2 2026-04-23 N/A
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
CVE-2007-0617 1 Earthlink 1 Total Access 2026-04-23 N/A
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.
CVE-2007-0619 1 Chmlib 1 Chmlib 2026-04-23 N/A
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.
CVE-2007-0620 1 Vlad Leont 1 Fd Script 2026-04-23 N/A
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
CVE-2007-0625 1 Nomachine 1 Nx Server 2026-04-23 N/A
nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.
CVE-2007-0624 1 Maxdev 1 Mdpro 2026-04-23 N/A
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.
CVE-2007-0627 1 Michael Still 1 Gtalkbot 2026-04-23 N/A
Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2007-0628 1 Sun 1 Java System Access Manager 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-6223 1 Google 2 Mini Search Appliance, Search Appliance 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
CVE-2007-0632 1 Asp Edge 1 Asp Edge 2026-04-23 N/A
SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.
CVE-2007-0635 1 Encapscms 1 Encapscms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.
CVE-2007-0636 1 Inotify 1 Incron 2026-04-23 N/A
Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."
CVE-2006-5464 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
CVE-2007-0639 1 Guppy 1 Guppy 2026-04-23 N/A
Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0].
CVE-2007-0641 1 Shaffer Solutions Corp 1 Dapcnfsd.dll 2026-04-23 N/A
Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.
CVE-2007-0643 1 Bloodshed Software 1 Dev-c\+\+ 2026-04-23 N/A
Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
CVE-2006-3974 1 3com 1 3cr860-95 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.
CVE-2007-0650 1 Makeindex 1 Makeindex 2026-04-23 N/A
Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.