Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2793 1 Geeklog 1 Geeklog 2026-04-23 N/A
PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter.
CVE-2007-2796 1 Arris 1 Cadant C3 Cmts 2026-04-23 N/A
Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option.
CVE-2007-2800 1 Eticket 1 Eticket 2026-04-23 N/A
index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.
CVE-2007-2802 1 Rm 1 Rm Easymail Plus 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter.
CVE-2007-2806 1 Galix 1 Galix 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters.
CVE-2007-2807 1 Eggheads 1 Eggdrop Irc Bot 2026-04-23 N/A
Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.
CVE-2007-2810 1 Gazi Download Portal 1 Gazi Download Portal 2026-04-23 N/A
SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2812 1 Hlstats 1 Hlstats 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter.
CVE-2007-2818 1 Cactusoft 1 Parodia 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter.
CVE-2007-2819 1 Track\+ 1 Track\+ 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter.
CVE-2007-2821 1 Wordpress 1 Wordpress 2026-04-23 N/A
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
CVE-2007-2822 1 Wavelink Media 1 Tutorialcms 2026-04-23 N/A
TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
CVE-2007-2825 1 Atmail 1 Atmail Webmail 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.
CVE-2007-2828 1 Johntp 1 Adsense-deluxe 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors.
CVE-2007-2830 1 Madwifi 1 Madwifi 2026-04-23 N/A
The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.
CVE-2007-2832 1 Cisco 1 Call Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
CVE-2006-4098 1 Cisco 1 Secure Access Control Server 2026-04-23 N/A
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
CVE-2007-4355 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
CVE-2007-0380 1 Docman 1 Docman 2026-04-23 N/A
DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.
CVE-2004-2762 1 Ibm 2 Mvs, Tivoli Storage Manager 2026-04-23 N/A
The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1.