Total
29737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0526 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php. | ||||
| CVE-2007-0531 | 1 Freewebshop | 1 Freewebshop | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | ||||
| CVE-2007-4026 | 1 Telaxus Llc | 1 Epesi | 2025-04-09 | N/A |
| epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0532 | 1 Tuan Do | 1 Uploader | 2025-04-09 | N/A |
| Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt. | ||||
| CVE-2007-0536 | 1 Rpath | 1 Rpath Linux | 2025-04-09 | N/A |
| The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | ||||
| CVE-2007-0538 | 1 Telligent Systems | 1 Community Server Forums | 2025-04-09 | N/A |
| Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. | ||||
| CVE-2007-4027 | 1 Areca | 1 Cli | 2025-04-09 | N/A |
| Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid. | ||||
| CVE-2007-0542 | 1 212cafe | 1 Guestbook | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | ||||
| CVE-2007-0543 | 1 Zixforum | 1 Zixforum | 2025-04-09 | N/A |
| ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions. | ||||
| CVE-2007-0545 | 1 Maxtricity | 1 Tagger | 2025-04-09 | N/A |
| Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb. | ||||
| CVE-2007-0557 | 1 Rmake | 1 Rmake | 2025-04-09 | N/A |
| rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536. | ||||
| CVE-2007-0560 | 1 Asp Edge | 1 Asp Edge | 2025-04-09 | N/A |
| SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | ||||
| CVE-2007-0563 | 1 Symantec | 1 Web Security | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. | ||||
| CVE-2007-0566 | 1 Asp News | 1 Asp News | 2025-04-09 | N/A |
| SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0569 | 1 X-dev | 1 Xnews | 2025-04-09 | N/A |
| SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action. | ||||
| CVE-2007-0571 | 1 Phpmyreports | 1 Phpmyreports | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter. | ||||
| CVE-2007-0583 | 1 Http Commander | 1 Http Commander | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0589 | 1 Forum Livre | 1 Forum Livre | 2025-04-09 | N/A |
| SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp. | ||||
| CVE-2007-0590 | 1 Forum Livre | 1 Forum Livre | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter. | ||||
| CVE-2007-3943 | 1 Adaptive Business Design | 1 Infinite Responder | 2025-04-09 | N/A |
| SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||