Total
29901 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0567 | 1 Interactive-scripts.com | 1 Php Membership Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter. | ||||
| CVE-2007-0569 | 1 X-dev | 1 Xnews | 2026-04-23 | N/A |
| SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action. | ||||
| CVE-2007-0570 | 1 Johannes Gijsbers | 1 Ad Fundum Integratable News Script | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter. | ||||
| CVE-2007-6351 | 2 Libexif Project, Redhat | 2 Libexif, Enterprise Linux | 2026-04-23 | N/A |
| libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c. | ||||
| CVE-2007-0579 | 1 Horde | 1 Groupware | 2026-04-23 | N/A |
| Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0599 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-23 | N/A |
| Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays. | ||||
| CVE-2007-0605 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter. | ||||
| CVE-2007-0606 | 1 W-agora | 1 W-agora | 2026-04-23 | N/A |
| w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. | ||||
| CVE-2007-0609 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2026-04-23 | N/A |
| Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php. | ||||
| CVE-2007-0620 | 1 Vlad Leont | 1 Fd Script | 2026-04-23 | N/A |
| download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php. | ||||
| CVE-2007-4702 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions. | ||||
| CVE-2007-0632 | 1 Asp Edge | 1 Asp Edge | 2026-04-23 | N/A |
| SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. | ||||
| CVE-2007-0635 | 1 Encapscms | 1 Encapscms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php. | ||||
| CVE-2007-0641 | 1 Shaffer Solutions Corp | 1 Dapcnfsd.dll | 2026-04-23 | N/A |
| Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444. | ||||
| CVE-2007-0643 | 1 Bloodshed Software | 1 Dev-c\+\+ | 2026-04-23 | N/A |
| Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. | ||||
| CVE-2007-0660 | 1 Dotnetnuke | 1 Dotnetnuke Iframe | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values." | ||||
| CVE-2007-0664 | 1 Acme Labs | 1 Thttpd | 2026-04-23 | N/A |
| thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files. | ||||
| CVE-2007-0669 | 1 Twiki | 1 Twiki | 2026-04-23 | N/A |
| Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files. | ||||
| CVE-2007-0687 | 1 Michelle | 1 L2j Dropcalc | 2026-04-23 | N/A |
| SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter. | ||||
| CVE-2007-0696 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611. | ||||