Total
29899 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2642 | 1 R2k | 1 R2k Gallery | 2026-04-23 | N/A |
| Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter. | ||||
| CVE-2006-7016 | 1 Phpjobboard | 1 Phpjobboard | 2026-04-23 | N/A |
| phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit. | ||||
| CVE-2007-0953 | 1 Atmail | 1 Atmail Webmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | ||||
| CVE-2006-6657 | 1 Netbsd | 1 Netbsd | 2026-04-23 | N/A |
| The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors. | ||||
| CVE-2007-0796 | 1 Bluecoat | 1 Winproxy | 2026-04-23 | N/A |
| Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption. | ||||
| CVE-2007-0751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. | ||||
| CVE-2007-4054 | 1 Php123 | 1 Top Sites | 2026-04-23 | N/A |
| SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2007-4059 | 1 Vmware | 1 Workstation | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method. | ||||
| CVE-2007-4077 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php. | ||||
| CVE-2007-0492 | 1 Webspell | 1 Webspell | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3894 | 2 Dag.wieers, Redhat | 2 Dstat, Enterprise Linux | 2026-04-23 | N/A |
| Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory. | ||||
| CVE-2007-1028 | 1 Barry Jaspan | 1 Image Pager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element. | ||||
| CVE-2007-1030 | 1 Niels Provos | 1 Libevent | 2026-04-23 | N/A |
| Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset. | ||||
| CVE-2007-1046 | 1 Dem Trac | 1 Dem Trac | 2026-04-23 | N/A |
| Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt. | ||||
| CVE-2007-3088 | 1 Gaya Design | 1 Comicsense | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter. | ||||
| CVE-2008-1687 | 1 Gnu | 1 M4 | 2026-04-23 | N/A |
| The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename. | ||||
| CVE-2007-3055 | 1 Codelib | 1 Linker | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | ||||
| CVE-2007-3070 | 1 Bdigital Web Solutions | 1 Webstudio Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter. | ||||
| CVE-2007-3096 | 1 Pblang | 1 Pblang | 2026-04-23 | N/A |
| Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2007-3097 | 1 F5 | 1 Firepass 4100 | 2026-04-23 | N/A |
| my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. | ||||