Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3777 | 1 Grisoft | 1 Avg Antivirus | 2026-04-23 | N/A |
| avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler. | ||||
| CVE-2007-3778 | 1 Squirrelmail | 1 Gpg Plugin | 2026-04-23 | N/A |
| The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message. | ||||
| CVE-2007-3783 | 1 Envivosoft | 1 Envivo Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413.4. | ||||
| CVE-2007-3784 | 1 Belkin | 1 F5d7231-4 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client. | ||||
| CVE-2007-3785 | 1 Eldos Corporation | 1 Secureblackbox | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3786 | 1 Esoft | 1 Instagate Ex2 Utm | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer | ||||
| CVE-2007-3787 | 1 Esoft | 1 Instagate Ex2 Utm | 2026-04-23 | N/A |
| The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks. | ||||
| CVE-2007-3788 | 1 Esoft | 1 Instagate Ex2 Utm | 2026-04-23 | N/A |
| The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document. | ||||
| CVE-2007-3790 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. | ||||
| CVE-2007-3792 | 1 Azerbaijan Development Group | 1 Azdgdating | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/. | ||||
| CVE-2007-3793 | 1 Hitachi | 1 Jp1-netm-dm Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-3795 | 1 Hitachi | 1 Tpi Server Base | 2026-04-23 | N/A |
| Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port. | ||||
| CVE-2007-4325 | 1 Mapos Scripts | 1 Gaestebuch | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter. | ||||
| CVE-2007-4326 | 1 Mapos Scripts | 1 Bilder Uploader | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts. | ||||
| CVE-2007-4327 | 1 Mapos Scripts | 1 File Uploader | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php. | ||||
| CVE-2007-4329 | 1 Mapos Scripts | 1 Web News | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php. | ||||
| CVE-2007-4330 | 1 Mapos Scripts | 1 Shoutbox | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | ||||
| CVE-2007-4332 | 1 Article Dashboard | 1 Article Dashboard | 2026-04-23 | N/A |
| SQL injection vulnerability in article.php in Article Dashboard, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4334 | 1 Php-stats | 1 Php-stats | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter. | ||||
| CVE-2007-4335 | 1 Qbik | 1 Wingate | 2026-04-23 | N/A |
| Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging. | ||||