Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0114 1 Sun 1 Java System Content Delivery Server 2026-04-23 N/A
Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.
CVE-2007-0133 1 Igeneric 1 Ig Shop 2026-04-23 N/A
Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.
CVE-2007-0116 1 Digger Solutions 1 Intranet Open Source 2026-04-23 N/A
Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.
CVE-2007-0120 1 Acunetix 1 Web Vulnerability Scanner 2026-04-23 N/A
Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.
CVE-2007-0121 1 Michael Romedahl 1 Ri Blog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2007-0123 1 Uber Uploader 1 Uber Uploader 2026-04-23 N/A
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.
CVE-2007-0124 1 Drupal 1 Drupal 2026-04-23 N/A
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
CVE-2007-0129 1 Locazo 1 Locazolist Classifieds 2026-04-23 N/A
SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.
CVE-2007-0130 1 Igeneric 1 Ig Calendar 2026-04-23 N/A
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0135 1 Aratix 1 Aratix 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.
CVE-2007-0132 1 Igeneric 1 Ig Shop 2026-04-23 N/A
SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3973 1 My Firewall Plus 1 My Firewall Plus 2026-04-23 N/A
My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.
CVE-2007-0141 1 Yet Another Link Directory 1 Yet Another Link Directory 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2007-0143 1 Nune 1 News Script 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.
CVE-2007-0144 1 Digitizing Quote And Ordering System 1 Digitizing Quote And Ordering System 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.
CVE-2006-4154 1 Apache 1 Http Server 2026-04-23 N/A
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
CVE-2007-0147 1 Cuyahoga 1 Cuyahoga 2026-04-23 N/A
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.
CVE-2007-0149 1 Ememberspro 1 Ememberspro 2026-04-23 N/A
EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.
CVE-2006-4806 1 Enlightenment 1 Imlib2 2026-04-23 N/A
Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.
CVE-2007-0153 1 Adam Jarret 1 Ajlogin 2026-04-23 N/A
AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.