Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-3559 1 Php-fusion 1 Php-fusion 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.
CVE-2007-3554 1 Hp 1 Instant Support 2026-04-23 N/A
Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.
CVE-2007-3548 1 W3filer 1 W3filer 2026-04-23 N/A
Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file.
CVE-2007-3546 1 Nessus 1 Nessus 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3544 1 Wordpress 2 Wordpress, Wordpress Mu 2026-04-23 N/A
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
CVE-2007-3415 1 Phpraider 1 Phpraider 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter.
CVE-2007-3423 1 Web-app.org 1 Webapp 2026-04-23 N/A
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
CVE-2007-3424 1 Web-app.org 1 Webapp 2026-04-23 N/A
The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.
CVE-2007-3431 1 Valerio Capello 1 Dagger - The Cutting Edge 2026-04-23 N/A
PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.
CVE-2007-3432 1 Pluxml 1 Pluxml 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
CVE-2007-3433 1 Netart Media 1 Pharmacy System 2026-04-23 N/A
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.
CVE-2007-3434 1 Netart Media 1 Pharmacy System 2026-04-23 N/A
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.
CVE-2007-3436 1 Microsoft 2 Msn Messenger, Windows Xp 2026-04-23 N/A
Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.
CVE-2007-3437 2 Aol, Microsoft 2 Instant Messenger, Windows Xp 2026-04-23 N/A
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
CVE-2007-3443 1 Research In Motion Limited 1 Blackberry 7270 2026-04-23 N/A
The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered.
CVE-2007-3446 1 Bugmall 1 Shopping Cart 2026-04-23 N/A
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.
CVE-2007-3449 1 Gorani Network 1 6alblog 2026-04-23 N/A
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2007-3451 1 Gorani Network 1 6alblog 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter.
CVE-2007-3452 1 Edocstore 1 Edocstore 2026-04-23 N/A
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
CVE-2007-3453 1 Papoo 1 Papoo 2026-04-23 N/A
SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components.