Total
29906 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4081 | 1 Alstrasoft | 1 Affiliate Network Pro | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1. | ||||
| CVE-2007-4085 | 1 Alstrasoft | 1 Askme Pro | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php. | ||||
| CVE-2007-4087 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php. | ||||
| CVE-2007-1894 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. | ||||
| CVE-2008-1153 | 1 Cisco | 2 Cisco Ios, Ios | 2026-04-23 | N/A |
| Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. | ||||
| CVE-2007-4088 | 1 Vikingboard | 1 Vikingboard | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php; the (5) u parameter to user.php; the (6) f parameter to post.php; the (7) s parameter to topic.php; the (8) quote, (9) t, (10) poll, and (11) p parameters to post.php; the (12) Message Title field of a private message (PM) in mode 6 of cp.php; the (13) title field of a private message (PM) in mode 7 of cp.php; and (14) allow user-assisted remote attackers to inject arbitrary web script or HTML via a dosearch action to search.php, which reflects the first lines of all posts by a user. NOTE: the act parameter to help.php and the p parameter to report.php are already covered by CVE-2006-4708. NOTE: vectors 12 and 13 might overlap CVE-2006-6283.1. NOTE: vector 14 might overlap CVE-2006-4708.b. | ||||
| CVE-2007-4090 | 1 Vikingboard | 1 Vikingboard | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to inc/lib/screen.php or (2) the title parameter to post.php. NOTE: vector 2 might overlap CVE-2006-6283. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4091 | 1 Rsync | 1 Rsync | 2026-04-23 | N/A |
| Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. | ||||
| CVE-2007-4092 | 1 Ifoto | 1 Ifoto | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter. | ||||
| CVE-2007-4093 | 1 Minb | 1 Minb Is Not A Blog | 2026-04-23 | N/A |
| Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db. | ||||
| CVE-2007-4106 | 1 Codewidgets | 2 Pay Roll - Time Sheet, Punch Card | 2026-04-23 | N/A |
| SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter. | ||||
| CVE-2007-4118 | 1 Jx Development | 1 Phpvoter | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/functions.inc.php in phpVoter 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | ||||
| CVE-2007-4120 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original researcher also has a history of erroneous claims | ||||
| CVE-2007-4122 | 1 Hitachi | 1 Jp1-cm2-hierarchical Viewer | 2026-04-23 | N/A |
| Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data." | ||||
| CVE-2007-4123 | 1 Hitachi | 1 Groupmax Groupware Server | 2026-04-23 | N/A |
| The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax Groupware Server 07-00-/F through 07-32-/A before 20070731 does not properly manage schedule server configuration data, which might allow attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2007-1725 | 1 Icebb | 1 Icebb | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. | ||||
| CVE-2007-1730 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value. | ||||
| CVE-2007-3483 | 1 Rim | 1 Blackberry Enterprise Server | 2026-04-23 | N/A |
| Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware. | ||||
| CVE-2007-3488 | 1 Sony | 1 Sony Network Camera Snc-p5 | 2026-04-23 | N/A |
| Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method. | ||||
| CVE-2007-3491 | 1 Progress | 1 Openedge | 2026-04-23 | N/A |
| Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. | ||||