Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2504 | 1 Php Turbulence | 1 Php Turbulence | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion | ||||
| CVE-2007-2503 | 1 Php Turbulence | 1 Php Turbulence | 2026-04-23 | N/A |
| Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion | ||||
| CVE-2007-2502 | 1 Hp | 1 Procurve Switch 9300m | 2026-04-23 | N/A |
| Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015. | ||||
| CVE-2007-2501 | 1 Fernando M.a.d.s. | 1 Codepress | 2026-04-23 | N/A |
| Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call. | ||||
| CVE-2007-2497 | 1 Realnetworks | 1 Realplayer | 2026-04-23 | N/A |
| RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. | ||||
| CVE-2007-2495 | 1 Office Ocx | 1 Excel Viewer Ocx | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2083 | 1 Zonelabs | 1 Zonealarm | 2026-04-23 | N/A |
| vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. | ||||
| CVE-2007-2088 | 1 Sitebar | 1 Sitebar | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php. | ||||
| CVE-2007-2097 | 1 Openconcept | 1 Back-end Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or (2) pollcollector.php in htdocs/; or (3) index.php, (4) articlepages.php, (5) articles.php, (6) articleform.php, (7) articlesections.php, (8) createArticlesPage.php, (9) guestbook.php, (10) helpguide.php, (11) helpguideeditor.php, (12) links.php, (13) upload.php, (14) sitestatistics.php, (15) nav.php, (16) tpl_upload.php, (17) linksections, or (18) pophelp.php in htdocs/site-admin/; different vectors than CVE-2006-5076. NOTE: this issue is disputed by a third party, who states that $includes_path is defined before use | ||||
| CVE-2007-1455 | 1 Cpanel-host | 1 Fantastico De Luxe | 2026-04-23 | N/A |
| Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files. | ||||
| CVE-2007-2100 | 1 Fac Guestbook | 1 Fac Guestbook | 2026-04-23 | N/A |
| FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb. | ||||
| CVE-2007-2104 | 1 Ixon Cms | 1 Ixon Cms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php. | ||||
| CVE-2008-1079 | 1 Beehive Software | 1 Sendfile.net | 2026-04-23 | N/A |
| The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges. | ||||
| CVE-2007-2105 | 1 Monkey Cms | 1 Monkey Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter. | ||||
| CVE-2007-2107 | 1 Rha7 Downloads | 1 Rha7 Downloads | 2026-04-23 | N/A |
| SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-1960. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-0315 | 1 Google | 1 Chrome | 2026-04-23 | N/A |
| WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. | ||||
| CVE-2007-2119 | 1 Oracle | 2 Application Server, Database Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. | ||||
| CVE-2007-2123 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04. | ||||
| CVE-2007-2124 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05. | ||||
| CVE-2007-2126 | 1 Oracle | 1 E-business Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02). | ||||