Export limit exceeded: 29902 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29902 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0385 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-23 | N/A |
| The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable. | ||||
| CVE-2007-0386 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-23 | N/A |
| Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug." | ||||
| CVE-2007-0387 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2007-0405 | 1 Django Project | 1 Django | 2026-04-23 | N/A |
| The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user. | ||||
| CVE-2007-0390 | 1 Sabros.us | 1 Sabros.us | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter. | ||||
| CVE-2007-0391 | 1 Bitdefender | 1 Bitdefender Client | 2026-04-23 | N/A |
| Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings. | ||||
| CVE-2007-0392 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | ||||
| CVE-2007-0393 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | ||||
| CVE-2007-0394 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | ||||
| CVE-2007-0395 | 1 Comvironment | 1 Comvironment | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | ||||
| CVE-2007-0396 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors. | ||||
| CVE-2007-0414 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages. | ||||
| CVE-2007-0398 | 1 Arnotic | 1 A-forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field. | ||||
| CVE-2007-0399 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action. | ||||
| CVE-2007-0400 | 1 Easebay Resources | 1 Login Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2007-0401 | 1 Easebay Resources | 1 Login Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter. | ||||
| CVE-2007-0402 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2007-0403 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | ||||
| CVE-2007-0404 | 1 Django Project | 1 Django | 2026-04-23 | N/A |
| bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file. | ||||
| CVE-2007-0407 | 1 Plain Black | 1 Webgui | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed. | ||||