Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2545 | 1 Persism Cms | 1 Persism Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/. | ||||
| CVE-2007-2544 | 1 Php Toptree Bbs | 1 Php Toptree Bbs | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter. | ||||
| CVE-2007-2543 | 1 Xoops | 1 Flashgames Module | 2026-04-23 | N/A |
| SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | ||||
| CVE-2007-2538 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. | ||||
| CVE-2007-2537 | 1 Npds | 1 Npds | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header. | ||||
| CVE-2007-2535 | 1 Winace | 1 Winace | 2026-04-23 | N/A |
| WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | ||||
| CVE-2007-2533 | 1 Trend Micro | 1 Serverprotect | 2026-04-23 | N/A |
| Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll. | ||||
| CVE-2007-2532 | 1 Obie Website | 1 Mini Web Shop | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734. | ||||
| CVE-2007-2530 | 1 Tropicalm | 1 Tropicalm Crowell Resource | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php. | ||||
| CVE-2007-2529 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL. | ||||
| CVE-2007-2528 | 1 Trend Micro | 1 Serverprotect | 2026-04-23 | N/A |
| Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508. | ||||
| CVE-2007-2527 | 1 Dynamicpad | 1 Dynamicpad | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php. | ||||
| CVE-2007-2526 | 1 Smartcode | 1 Vnc Manager | 2026-04-23 | N/A |
| Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. | ||||
| CVE-2007-2523 | 2 Broadcom, Ca | 2 Integrated Threat Management, Anti-virus For The Enterprise | 2026-04-23 | N/A |
| CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0. | ||||
| CVE-2007-2520 | 1 Frank Mancuso | 1 Mynews | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie. | ||||
| CVE-2007-2519 | 1 Php Group | 1 Pear | 2026-04-23 | N/A |
| Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. | ||||
| CVE-2007-2514 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2026-04-23 | N/A |
| Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. | ||||
| CVE-2007-2512 | 1 Alcatel-lucent | 1 Omnipcx | 2026-04-23 | N/A |
| Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems. | ||||
| CVE-2007-2511 | 1 Php | 1 Php | 2026-04-23 | N/A |
| Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. | ||||
| CVE-2007-2507 | 1 Treble Designs | 1 1024 Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter. | ||||