Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3215 | 1 Phpmailer | 1 Phpmailer | 2026-04-23 | N/A |
| PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. | ||||
| CVE-2007-3219 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. | ||||
| CVE-2007-3220 | 1 Xoops | 1 Cjay Content Module | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656. | ||||
| CVE-2007-1808 | 1 Camportail | 1 Camportail | 2026-04-23 | N/A |
| SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action. | ||||
| CVE-2007-2814 | 1 Pegasus | 1 Imagn Activex Control | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions. | ||||
| CVE-2007-3225 | 1 Sun | 1 Java System Directory Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors. | ||||
| CVE-2007-1809 | 1 Grafx Software | 1 Company Website Builder | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513. | ||||
| CVE-2007-3231 | 1 Mecab | 1 Mecab | 2026-04-23 | N/A |
| Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors. | ||||
| CVE-2007-3232 | 1 Ibm | 1 Totalstorage Ds400 | 2026-04-23 | N/A |
| The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000. | ||||
| CVE-2007-3249 | 1 Joomla | 1 Letterman Subscriber | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter. | ||||
| CVE-2007-3250 | 1 Elxis | 1 Elxis Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. NOTE: the product was patched without updating the version number; later downloads of 2006.4 are not affected. | ||||
| CVE-2007-1810 | 1 Kaotik | 1 Kshop | 2026-04-23 | N/A |
| SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5292 | 1 Exhibit Engine | 1 Exhibit Engine | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | ||||
| CVE-2006-6458 | 1 Trend Micro | 3 Officescan, Pc Cillin - Internet Security 2006, Serverprotect | 2026-04-23 | N/A |
| The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop. | ||||
| CVE-2007-1820 | 1 Nortel | 2 Callpilot, Meridian Mail | 2026-04-23 | N/A |
| Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID). | ||||
| CVE-2007-1812 | 1 Bt-sondage | 1 Bt-sondage | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in utilitaires/gestion_sondage.php in BT-Sondage 112 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire_visiteur parameter. | ||||
| CVE-2007-1821 | 1 Sprint | 1 Sprint Voice | 2026-04-23 | N/A |
| Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | ||||
| CVE-2006-6596 | 1 Hilgraeve | 1 Hyperaccess | 2026-04-23 | N/A |
| HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via a session (HAW) file, which can be automatically opened using Internet Explorer. | ||||
| CVE-2009-1055 | 1 Sitecore | 1 Cms | 2026-04-23 | N/A |
| Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests. | ||||
| CVE-2007-1826 | 1 Cisco | 2 Unified Callmanager, Unified Presence Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949. | ||||