Export limit exceeded: 350771 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350771 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1860 | 2 Apache, Redhat | 4 Tomcat Jk Web Server Connector, Network Satellite, Rhel Application Server and 1 more | 2026-04-23 | N/A |
| mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450. | ||||
| CVE-2007-1862 | 1 Apache | 1 Http Server | 2026-04-23 | N/A |
| The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information. | ||||
| CVE-2007-1872 | 1 Toenda Software Development | 1 Toendacms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id. | ||||
| CVE-2008-5719 | 1 Hitachi | 2 Groupmax Web Workflow Sdk Set For Active Server Pages, Groupmax Workflow To Development Kit For Active Server Pages | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-1869 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. | ||||
| CVE-2007-1870 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. | ||||
| CVE-2007-1866 | 1 Dproxy | 1 Dproxy | 2026-04-23 | N/A |
| Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465. | ||||
| CVE-2007-1867 | 1 Irfanview | 1 Irfanview | 2026-04-23 | N/A |
| Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file. | ||||
| CVE-2007-1868 | 1 Ibm | 1 Tivoli Provisioning Manager Os Deployment | 2026-04-23 | N/A |
| The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp. | ||||
| CVE-2007-1892 | 1 Akamai Technologies | 1 Download Manager | 2026-04-23 | N/A |
| Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. | ||||
| CVE-2007-1895 | 1 Sky Gunning | 1 Myspeach | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630. | ||||
| CVE-2007-1896 | 1 Sky Gunning | 1 Myspeach | 2026-04-23 | N/A |
| Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie. | ||||
| CVE-2007-1899 | 1 Mywebland | 1 Mybloggie | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php. | ||||
| CVE-2007-1901 | 1 Sonicbb | 1 Sonicbb | 2026-04-23 | N/A |
| SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message. | ||||
| CVE-2007-1902 | 1 Sonicbb | 1 Sonicbb | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php. | ||||
| CVE-2007-1903 | 1 Sonicbb | 1 Sonicbb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter. | ||||
| CVE-2007-1905 | 1 Pineapple Technologies | 1 Quizshock | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<". | ||||
| CVE-2007-1909 | 1 Ryan Haudenschilt | 1 Battle.net Clan Script | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter. | ||||
| CVE-2007-1907 | 1 Pathos | 1 Content Management System | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2007-1908 | 1 Php121 | 1 Php121 Instant Messenger | 2026-04-23 | N/A |
| PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function. | ||||