Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0252 1 Easy-content Filemanager 1 Easy-content Filemanager 2026-04-23 N/A
Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.
CVE-2007-0287 1 Oracle 2 Application Server, Collaboration Suite 2026-04-23 N/A
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.
CVE-2007-0296 1 Oracle 2 Enterpriseone, Peoplesoft Enterprise 2026-04-23 N/A
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.
CVE-2006-6075 1 Baalasp 1 Smart Form Portal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0306 1 Digiappz 1 Digiaffiliate 2026-04-23 N/A
SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4157 1 Phpblogger 1 Php-blogger 2026-04-23 N/A
PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version.
CVE-2007-0250 1 Nwom 1 Nwom Topsites 2026-04-23 N/A
index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.
CVE-2008-1836 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
CVE-2007-0308 1 Plain Black 1 Webgui 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.
CVE-2007-0423 1 Oracle 1 Weblogic Portal 2026-04-23 N/A
BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.
CVE-2006-6067 1 20 20 Applications 1 20 20 Datashed 2026-04-23 N/A
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
CVE-2007-0422 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.
CVE-2006-6948 1 Myodbc 1 Myodbc 2026-04-23 N/A
MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.
CVE-2007-0309 1 Francisco Burzi 1 Php-nuke 2026-04-23 N/A
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-0248 1 Squid 1 Squid 2026-04-23 N/A
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
CVE-2007-0939 1 Microsoft 1 Content Management Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
CVE-2007-0312 1 Wcsimple Poll 1 Wcsimple Poll 2026-04-23 N/A
wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.
CVE-2006-6952 1 Ca 1 Host-based Intrusion Prevention System 2026-04-23 N/A
Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.
CVE-2007-0907 3 Php, Redhat, Trustix 5 Php, Enterprise Linux, Rhel Application Stack and 2 more 2026-04-23 N/A
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
CVE-2007-0550 1 212cafe 1 212cafeboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.