Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1848 1 Drake Team 1 Drake Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
CVE-2007-1852 1 Ben3w 1 2bgal 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has been disputed by CVE, since the lang_filename variable is defined before it is used
CVE-2007-1853 1 Hitachi 5 Jp1-hicommand Device Manager, Jp1-hicommand Global Link Availability Manager, Jp1-hicommand Replication Monitor and 2 more 2026-04-23 N/A
Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors.
CVE-2007-1868 1 Ibm 1 Tivoli Provisioning Manager Os Deployment 2026-04-23 N/A
The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.
CVE-2007-1869 1 Lighttpd 1 Lighttpd 2026-04-23 N/A
lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.
CVE-2007-2390 1 Apple 1 Mac Os X 2026-04-23 N/A
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
CVE-2007-1892 1 Akamai Technologies 1 Download Manager 2026-04-23 N/A
Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891.
CVE-2007-1908 1 Php121 1 Php121 Instant Messenger 2026-04-23 N/A
PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.
CVE-2007-1909 1 Ryan Haudenschilt 1 Battle.net Clan Script 2026-04-23 N/A
SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter.
CVE-2007-1911 1 Microsoft 1 Word 2026-04-23 N/A
Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
CVE-2007-1940 1 Ibm 1 Tivoli Business Service Manager 2026-04-23 N/A
IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log.
CVE-2007-2481 1 Ruben Boelinger 1 Wordtube 2026-04-23 N/A
PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.
CVE-2007-2482 1 Ruben Boelinger 1 Wordtube 2026-04-23 N/A
Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter.
CVE-2007-2392 1 Apple 2 Mac Os X, Quicktime 2026-04-23 N/A
Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.
CVE-2007-2394 1 Apple 2 Mac Os X, Quicktime 2026-04-23 N/A
Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.
CVE-2007-2487 1 Atomix Productions 1 Atomixmp3 2026-04-23 N/A
Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287.
CVE-2007-2488 1 Asterisk 1 Asterisk 2026-04-23 N/A
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
CVE-2007-2490 1 Livedata 3 Iccp Server, Maintenance Server, Protocol Server 2026-04-23 N/A
Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets.
CVE-2007-2493 1 Mxbb 2 Mxbb Faq, Mxbb Rules 2026-04-23 N/A
PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2007-0867 1 Site-assistant 1 Site-assistant 2026-04-23 N/A
PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter.