Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1850 1 Drake Team 1 Drake Cms 2026-04-23 N/A
Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
CVE-2007-4847 1 Google 1 Picasa 2026-04-23 N/A
Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory.
CVE-2007-1858 2 Apache, Redhat 3 Tomcat, Network Satellite, Rhel Application Server 2026-04-23 N/A
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
CVE-2007-1965 1 Exv2 1 Content Management System 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
CVE-2007-1967 1 Stat12 1 Stat12 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This is probably an invalid report based on analysis by CVE and a third party
CVE-2007-1969 1 Sam Crew 1 Myblog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2007-1971 1 Gazi Okul Sitesi 1 Gazi Okul Sitesi 2026-04-23 N/A
SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string.
CVE-2007-1987 1 Phpecho Cms 1 Phpecho Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use
CVE-2007-1988 1 Phpecho Cms 1 Phpecho Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2007-1990 1 Sam Crew 1 Myblog 2026-04-23 N/A
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2001 1 Crea-book 1 Crea-book 2026-04-23 N/A
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.
CVE-2007-2102 1 My Little Homepage 1 My Little Weblog 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087.
CVE-2007-2103 1 My Little Homepage 1 My Little Forum 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php and (2) timedifference.php.
CVE-2007-2107 1 Rha7 Downloads 1 Rha7 Downloads 2026-04-23 N/A
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-1960. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2123 1 Oracle 1 Application Server 2026-04-23 N/A
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04.
CVE-2007-2179 1 Raiden Professional Servers 1 Raidenftpd 2026-04-23 N/A
Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference.
CVE-2007-2219 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-23 N/A
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
CVE-2007-2228 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more 2026-04-23 N/A
rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
CVE-2007-2231 2 Dovecot, Redhat 2 Dovecot, Enterprise Linux 2026-04-23 N/A
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
CVE-2006-6838 1 Rediff 1 Bol Downloader Activex Ocx Control 2026-04-23 N/A
Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.