Total
29901 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4511 | 1 Sun | 1 Java System Application Server | 2026-04-23 | N/A |
| The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy. | ||||
| CVE-2007-0233 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress. | ||||
| CVE-2007-0237 | 1 Lookup | 1 Lookup | 2026-04-23 | N/A |
| The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2007-0250 | 1 Nwom | 1 Nwom Topsites | 2026-04-23 | N/A |
| index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error. | ||||
| CVE-2007-0253 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2026-04-23 | N/A |
| Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven | ||||
| CVE-2007-0277 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11. | ||||
| CVE-2007-0285 | 1 Oracle | 3 Application Server, Collaboration Suite, E-business Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01. | ||||
| CVE-2007-0287 | 1 Oracle | 2 Application Server, Collaboration Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08. | ||||
| CVE-2007-0288 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01. | ||||
| CVE-2007-4534 | 1 Vavoom | 1 Vavoom | 2026-04-23 | N/A |
| Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via (1) a long string in a chat message and possibly (2) a long name field. | ||||
| CVE-2007-4536 | 1 Torrenttrader | 1 Torrenttrader | 2026-04-23 | N/A |
| TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend to other files. | ||||
| CVE-2007-0316 | 1 All In One Control Panel | 1 All In One Control Panel | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223. | ||||
| CVE-2007-0319 | 1 Motive Incorporated | 2 Self Service Manager, Service Activation Manager | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-0324 | 1 Lizardtech | 1 Djvu Browser Plug-in | 2026-04-23 | N/A |
| Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-7066 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. | ||||
| CVE-2006-7058 | 1 Sphider | 1 Sphider | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-7057 | 1 Sphider | 1 Sphider | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might be primary to CVE-2006-2506.2. | ||||
| CVE-2006-7055 | 1 Sweetphp | 1 Totalcalendar | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922. | ||||
| CVE-2006-7043 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery. | ||||
| CVE-2006-7042 | 1 Chipmunk Scripts | 1 Chipmunk Directory | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter. | ||||