Export limit exceeded: 26297 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26297 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6494 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-23 | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | ||||
| CVE-2007-6502 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-23 | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found. | ||||
| CVE-2007-6509 | 1 Appian | 1 Business Process Management Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. | ||||
| CVE-2007-6512 | 1 Php | 1 Mysql Banner Exchange | 2026-04-23 | N/A |
| PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. | ||||
| CVE-2007-6513 | 1 Hp | 1 Esupportdiagnostics | 2026-04-23 | N/A |
| HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method. | ||||
| CVE-2007-6514 | 2 Apache, Linux | 2 Http Server, Linux Kernel | 2026-04-23 | N/A |
| Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. | ||||
| CVE-2007-6524 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. | ||||
| CVE-2007-6527 | 1 Rickard Andersson | 1 Punbb | 2026-04-23 | N/A |
| uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type. | ||||
| CVE-2007-6534 | 1 Microsoft | 1 Publisher | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | ||||
| CVE-2007-6536 | 1 Google | 1 Toolbar | 2026-04-23 | N/A |
| The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. | ||||
| CVE-2007-6558 | 1 Totalplayer | 1 Totalplayer | 2026-04-23 | N/A |
| TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288. | ||||
| CVE-2007-6573 | 1 Qksoft | 1 Qk Smtp Server 3 | 2026-04-23 | N/A |
| QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551. | ||||
| CVE-2007-6596 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. | ||||
| CVE-2007-6606 | 1 Openbiblio | 1 Openbiblio | 2026-04-23 | N/A |
| OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2007-6607 | 1 Openbiblio | 1 Openbiblio | 2026-04-23 | N/A |
| OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbr_fields.php, or (3) admin/custom_marc_form_fields.php, which reveals the path in various error messages. | ||||
| CVE-2008-0457 | 1 Symantec | 1 Backupexec System Recovery | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors. | ||||
| CVE-2008-0473 | 1 Web Wiz | 1 Rich Text Editor | 2026-04-23 | N/A |
| RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors. | ||||
| CVE-2008-0475 | 1 Manageengine | 1 Applications Manager | 2026-04-23 | N/A |
| ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0506 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. | ||||
| CVE-2008-0526 | 1 Cisco | 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone | 2026-04-23 | N/A |
| Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet. | ||||