Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2849 | 1 Knowledgetree Document Management | 1 Knowledgetree Document Management | 2026-04-23 | N/A |
| KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check. | ||||
| CVE-2007-2854 | 1 Bti-tracker | 1 Bti-tracker | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter. | ||||
| CVE-2007-2858 | 1 Phpbb | 1 Ip-tracking | 2026-04-23 | N/A |
| SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field. | ||||
| CVE-2007-3667 | 1 Activereportsexcelreport | 1 Activereportsexcelreport | 2026-04-23 | N/A |
| Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport allows remote attackers to cause a denial of service via the DDRow Height variable. | ||||
| CVE-2007-3646 | 1 Flashgamescript | 1 Flashgamescript | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action. | ||||
| CVE-2007-2861 | 1 Saxon | 1 Saxon | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php. | ||||
| CVE-2007-5639 | 1 Nortel | 15 Ip Audio Conference Phone 2033, Ip Phone 1110, Ip Phone 1120e and 12 more | 2026-04-23 | N/A |
| The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server. | ||||
| CVE-2007-2833 | 3 Debian, Gnu, Mandrakesoft | 4 Debian Linux, Emacs, Mandrake Linux and 1 more | 2026-04-23 | N/A |
| Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | ||||
| CVE-2007-3631 | 1 Gamesitescript | 1 Gamesitescript | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field. | ||||
| CVE-2007-0168 | 1 Broadcom | 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite | 2026-04-23 | N/A |
| The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed. | ||||
| CVE-2007-2862 | 1 Devellion | 1 Cubecart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification. | ||||
| CVE-2007-3741 | 3 Gnu, Mandriva, Redhat | 3 Gimp, Linux, Enterprise Linux | 2026-04-23 | N/A |
| The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. | ||||
| CVE-2007-2863 | 2 Broadcom, Ca | 6 Anti-virus For The Enterprise, Brightstor Arcserve Backup, Brightstor Enterprise Backup and 3 more | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file. | ||||
| CVE-2007-3710 | 1 Php Comet-server | 1 Php Comet-server | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter. | ||||
| CVE-2007-2864 | 2 Broadcom, Ca | 13 Anti-virus For The Enterprise, Brightstor Arcserve Backup, Common Services and 10 more | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. | ||||
| CVE-2007-3688 | 1 Dotclear | 1 Dotclear | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages. | ||||
| CVE-2007-2866 | 1 Phpecho Cms | 1 Phpecho Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0698 | 1 Mentiss Acgv | 1 Acgvannu | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2870 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. | ||||
| CVE-2007-2971 | 1 Greg Neustaetter | 1 Gcards | 2026-04-23 | N/A |
| SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | ||||