Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2688 | 1 Cisco | 2 Ios, Ips Sensor Software | 2026-04-23 | N/A |
| The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | ||||
| CVE-2007-2691 | 4 Canonical, Debian, Mysql and 1 more | 5 Ubuntu Linux, Debian Linux, Mysql and 2 more | 2026-04-23 | N/A |
| MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | ||||
| CVE-2007-2695 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality. | ||||
| CVE-2007-2698 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information. | ||||
| CVE-2007-2703 | 1 Oracle | 1 Weblogic Portal | 2026-04-23 | N/A |
| BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources. | ||||
| CVE-2007-2706 | 1 Geeklog | 1 Media Gallery | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter. | ||||
| CVE-2007-2710 | 1 Nagiosql | 1 Nagiosql | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2713 | 1 Ifusionservices | 1 Ifdate | 2026-04-23 | N/A |
| ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI. | ||||
| CVE-2007-2720 | 1 Group-office | 1 Group-office Groupware | 2026-04-23 | N/A |
| Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2724 | 1 Fotolog | 1 Fotolog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter. | ||||
| CVE-2007-2729 | 1 Comodo | 2 Comodo Firewall Pro, Comodo Personal Firewall | 2026-04-23 | N/A |
| Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. | ||||
| CVE-2007-2732 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/. | ||||
| CVE-2007-2737 | 1 Xoops | 1 Myconference Module | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2740 | 1 Xajax | 1 Xajax | 2026-04-23 | N/A |
| Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS. | ||||
| CVE-2007-2746 | 1 Plain Black | 1 Webgui | 2026-04-23 | N/A |
| The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact. | ||||
| CVE-2007-2750 | 1 Simpnews | 1 Simpnews | 2026-04-23 | N/A |
| SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter. | ||||
| CVE-2007-2758 | 1 Winimage | 1 Winimage | 2026-04-23 | N/A |
| Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal. | ||||
| CVE-2007-2761 | 1 Magiciso | 1 Magiciso | 2026-04-23 | N/A |
| Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allows remote attackers to execute arbitrary code via a long filename in a .cue file. | ||||
| CVE-2007-2767 | 1 Opendap | 2 Bes, Hyrax | 2026-04-23 | N/A |
| Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors. | ||||
| CVE-2007-2771 | 1 Lead Technologies | 1 Leadtools Jpeg 2000 | 2026-04-23 | N/A |
| Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property. | ||||