Search Results (121348 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0374 2 Joomla, Mambo 2 Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
CVE-2007-5229 1 Feedburner 1 Feedsmith 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.
CVE-2007-0380 1 Docman 1 Docman 2026-04-23 N/A
DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.
CVE-2007-0401 1 Easebay Resources 1 Login Manager 2026-04-23 N/A
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.
CVE-2007-3336 1 Ingres 1 Database Server 2026-04-23 N/A
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
CVE-2007-3346 1 Php Accounts 1 Php Accounts 2026-04-23 N/A
Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter.
CVE-2009-2766 1 Dd-wrt 1 Dd-wrt 2026-04-23 N/A
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
CVE-2007-3363 1 Ageet 1 Agephone 2026-04-23 N/A
Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets.
CVE-2008-5691 1 Phonecian Casino 1 Flashax 2026-04-23 N/A
Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.
CVE-2008-0229 1 Level One 1 Wbr-3460a 2026-04-23 N/A
The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access.
CVE-2007-0565 1 Cgi-rescue 1 Shopping Basket Professional 2026-04-23 N/A
CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors.
CVE-2007-0577 1 Acgvclick 1 Acgvclick 2026-04-23 N/A
PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-0648 1 Cisco 1 Ios 2026-04-23 N/A
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
CVE-2007-0657 1 Alientrap 1 Nexuiz 2026-04-23 N/A
Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command.
CVE-2007-5306 1 Yannick Tanguy 1 Else If Cms 2026-04-23 N/A
ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php.
CVE-2007-0704 1 Somery 1 Somery 2026-04-23 N/A
PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation.
CVE-2007-0995 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
CVE-2007-1100 1 Pickle 1 Pickle 2026-04-23 N/A
Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-1107 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
CVE-2007-5313 1 Script-solution.de 1 Picturesolution 2026-04-23 N/A
PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.