Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3985 1 Securecomputing 1 Securityreporter 2026-04-23 N/A
Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter.
CVE-2007-4007 1 Article Directory 1 Article Directory 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2007-4010 1 Php 1 Php 2026-04-23 N/A
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
CVE-2007-4014 1 Wordpress 3 Blix, Blixed, Blixkrieg 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4016 1 Citrix 1 Access Gateway 2026-04-23 N/A
Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2007-4017 1 Citrix 1 Access Gateway 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators.
CVE-2007-4018 1 Citrix 1 Access Gateway 2026-04-23 N/A
Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
CVE-2007-4022 1 Cpanel 1 Cpanel 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
CVE-2007-4042 2 Microsoft, Netscape 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more 2026-04-23 N/A
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
CVE-2006-5936 1 Sitexpress 1 Sitexpress E-commerce System 2026-04-23 N/A
SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4059 1 Vmware 1 Workstation 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.
CVE-2007-0467 1 Apple 1 Mac Os X 2026-04-23 N/A
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
CVE-2007-4063 1 Drupal 1 Drupal 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API.
CVE-2007-4067 1 Clever Components 1 Internet Activex Suite 2026-04-23 N/A
Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information.
CVE-2007-4075 1 Asp Indir 1 Alisveris Sitesi Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5935 1 Shopsystems 1 Shopsystems 2026-04-23 N/A
SQL injection vulnerability in index.php in ShopSystems 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the sessid parameter.
CVE-2007-4080 1 Alstrasoft 1 E-friends 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
CVE-2007-4082 1 Alstrasoft 1 Article Manager Pro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
CVE-2007-4085 1 Alstrasoft 1 Askme Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
CVE-2007-4089 1 Vikingboard 1 Vikingboard 2026-04-23 N/A
Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to (1) forum.php, (2) cp.php, and possibly other unspecified components.