Export limit exceeded: 356038 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29942 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29942 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3548 | 1 W3filer | 1 W3filer | 2026-04-23 | N/A |
| Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file. | ||||
| CVE-2007-3549 | 1 Vastal I-tech | 1 Buddy Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2007-3552 | 1 Bbs100 | 1 Bbs100 | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. NOTE: some details were obtained from third party information. | ||||
| CVE-2007-3554 | 1 Hp | 1 Instant Support | 2026-04-23 | N/A |
| Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function. | ||||
| CVE-2007-3556 | 1 Doubleflex | 1 Liesbeth Base Cms | 2026-04-23 | N/A |
| Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc. | ||||
| CVE-2007-3557 | 1 Wheatblog | 1 Wheatblog | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. | ||||
| CVE-2007-3558 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. | ||||
| CVE-2007-3555 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. | ||||
| CVE-2007-3559 | 1 Php-fusion | 1 Php-fusion | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. | ||||
| CVE-2007-3560 | 1 Esqlanelapse | 1 Esqlanelapse | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors. | ||||
| CVE-2007-3561 | 1 Webixir | 1 Efendy Blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3562 | 1 Php Director | 1 Php Director | 2026-04-23 | N/A |
| SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3564 | 1 Libcurl | 1 Libcurl | 2026-04-23 | N/A |
| libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions. | ||||
| CVE-2007-3566 | 1 Borland Software | 1 Interbase | 2026-04-23 | N/A |
| Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp. | ||||
| CVE-2007-3567 | 1 Mysqldumper | 1 Mysqldumper | 2026-04-23 | N/A |
| MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests. | ||||
| CVE-2007-3568 | 1 Imlib | 1 Imlib | 2026-04-23 | N/A |
| The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. | ||||
| CVE-2007-3569 | 1 Softlink Europe | 1 Oliver Library Management System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on. | ||||
| CVE-2007-3570 | 1 Novell | 1 Access Manager | 2026-04-23 | N/A |
| The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. | ||||
| CVE-2007-3571 | 1 Novell | 2 Groupwise, Netware | 2026-04-23 | N/A |
| The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. | ||||
| CVE-2007-3572 | 1 Yoggie | 2 Pico, Pico Pro | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences). | ||||