Export limit exceeded: 350920 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350920 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2732 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/. | ||||
| CVE-2007-2733 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448. | ||||
| CVE-2007-2735 | 1 Touteresa | 1 Resmanager | 2026-04-23 | N/A |
| SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter. | ||||
| CVE-2007-2743 | 1 Glossword | 1 Glossword | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter. | ||||
| CVE-2007-2744 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2026-04-23 | N/A |
| Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this issue might overlap CVE-2007-2657. | ||||
| CVE-2007-2745 | 1 Vdesk | 1 Webmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | ||||
| CVE-2007-2746 | 1 Plain Black | 1 Webgui | 2026-04-23 | N/A |
| The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact. | ||||
| CVE-2007-2747 | 1 Rdiffweb | 1 Rdiffweb | 2026-04-23 | N/A |
| Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI. | ||||
| CVE-2007-2748 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | ||||
| CVE-2007-2749 | 1 Faqengine | 1 Faqengine | 2026-04-23 | N/A |
| SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action. | ||||
| CVE-2007-2750 | 1 Simpnews | 1 Simpnews | 2026-04-23 | N/A |
| SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter. | ||||
| CVE-2007-2752 | 1 Runawaysoft | 1 Haber Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2753 | 1 Runawaysoft | 1 Haber Portal | 2026-04-23 | N/A |
| RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb. | ||||
| CVE-2007-2755 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2026-04-23 | N/A |
| The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744. | ||||
| CVE-2007-2757 | 1 Dean J Robinson | 1 Redoable | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php. | ||||
| CVE-2007-2758 | 1 Winimage | 1 Winimage | 2026-04-23 | N/A |
| Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal. | ||||
| CVE-2007-2760 | 1 Adempiere | 1 Adempiere | 2026-04-23 | N/A |
| The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2761 | 1 Magiciso | 1 Magiciso | 2026-04-23 | N/A |
| Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allows remote attackers to execute arbitrary code via a long filename in a .cue file. | ||||
| CVE-2007-2763 | 1 Sienzo | 1 Digital Music Mentor | 2026-04-23 | N/A |
| Buffer overflow in the UnlockSupport function in the LockModules subsystem in a certain ActiveX control in ltmm15.dll in Sienzo Digital Music Mentor (DMM) 2.6.0.4 allows remote attackers to execute arbitrary code via a long string in the second argument, a different issue than CVE-2007-2564. | ||||
| CVE-2007-2765 | 1 Ac Zoom | 1 Blockhosts | 2026-04-23 | N/A |
| blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301. | ||||