Export limit exceeded: 350441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350441 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0090 | 1 Fermentigrafici | 1 Wineglass | 2026-04-23 | N/A |
| WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb. | ||||
| CVE-2007-0091 | 1 Katy Whitton Web Development | 1 Newscmslite | 2026-04-23 | N/A |
| newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. | ||||
| CVE-2007-0093 | 1 Cms-center | 1 Simple Web Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0094 | 1 Sven Moderow | 1 Sven Moderow Guestbook | 2026-04-23 | N/A |
| Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/. | ||||
| CVE-2007-0095 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. | ||||
| CVE-2007-0096 | 1 Carbon Communities | 1 Carbon Communities | 2026-04-23 | N/A |
| CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. | ||||
| CVE-2007-0097 | 1 Conexware | 1 Powerarchiver 2006 | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories. | ||||
| CVE-2007-0098 | 1 Verliadmin | 1 Verliadmin | 2026-04-23 | N/A |
| Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | ||||
| CVE-2007-0099 | 1 Microsoft | 2 Internet Explorer, Xml Core Services | 2026-04-23 | N/A |
| Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." | ||||
| CVE-2007-0101 | 1 Spine | 1 Spine | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0102 | 1 Apple | 1 Preview | 2026-04-23 | N/A |
| The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | ||||
| CVE-2007-0103 | 1 Adobe | 1 Acrobat Reader | 2026-04-23 | N/A |
| The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | ||||
| CVE-2007-0104 | 2 Kde, Xpdf | 2 Kde, Xpdf | 2026-04-23 | N/A |
| The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | ||||
| CVE-2007-0105 | 1 Cisco | 1 Secure Access Control Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | ||||
| CVE-2007-0106 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request. | ||||
| CVE-2007-0107 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7. | ||||
| CVE-2006-5904 | 1 Mwchat Pro | 1 Mwchat Pro | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.php, (3) chat.php, (4) dialog.php, (5) head.php, (6) help.php, (7) index.php, and (8) license.php, different vectors than CVE-2005-1869. | ||||
| CVE-2007-0109 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | ||||
| CVE-2007-0111 | 1 Resco | 1 Photo Viewer | 2026-04-23 | N/A |
| Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image. | ||||
| CVE-2007-0112 | 1 Createauction | 1 Createauction | 2026-04-23 | N/A |
| SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||