Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4018 1 Citrix 1 Access Gateway 2026-04-23 N/A
Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
CVE-2007-4022 1 Cpanel 1 Cpanel 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
CVE-2007-4042 2 Microsoft, Netscape 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more 2026-04-23 N/A
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
CVE-2006-6065 1 Mxbb 1 Calsnails Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2007-4059 1 Vmware 1 Workstation 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.
CVE-2007-0467 1 Apple 1 Mac Os X 2026-04-23 N/A
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
CVE-2007-4063 1 Drupal 1 Drupal 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API.
CVE-2007-4067 1 Clever Components 1 Internet Activex Suite 2026-04-23 N/A
Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information.
CVE-2007-4075 1 Asp Indir 1 Alisveris Sitesi Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6064 1 Fuzzball Muck 1 Fuzzball Muck 2026-04-23 N/A
Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages.
CVE-2007-4080 1 Alstrasoft 1 E-friends 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
CVE-2007-4082 1 Alstrasoft 1 Article Manager Pro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
CVE-2007-4085 1 Alstrasoft 1 Askme Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
CVE-2007-4089 1 Vikingboard 1 Vikingboard 2026-04-23 N/A
Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to (1) forum.php, (2) cp.php, and possibly other unspecified components.
CVE-2007-4099 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks.
CVE-2007-4104 1 Wp-feedstats 1 Wordpress Plugin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string.
CVE-2007-4105 1 Baidu 1 Soba Search Bar 2026-04-23 N/A
A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion.
CVE-2007-4106 1 Codewidgets 2 Pay Roll - Time Sheet, Punch Card 2026-04-23 N/A
SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4107 1 Phpmyforum 1 Phpmyforum 2026-04-23 N/A
SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-4110 1 Codewidgets 1 Threaded Discussion Forum Application 2026-04-23 N/A
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter.