Search Results (362495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6614 1 Agares Media 1 Phpautovideo 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a related issue to CVE-2007-6542.
CVE-2007-6615 1 Agares Media 1 Phpautovideo 2026-04-23 N/A
Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter.
CVE-2007-6616 1 Simpleforum 1 Simpleforum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchkey parameter in a search action. NOTE: some of these details are obtained from third party information.
CVE-2007-6617 1 Atlassian 1 Jira 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information.
CVE-2007-6618 1 Atlassian 1 Jira 2026-04-23 N/A
JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.
CVE-2007-6619 1 Atlassian 1 Jira 2026-04-23 N/A
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
CVE-2007-6620 1 Joovili 1 Joovili 2026-04-23 N/A
Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
CVE-2007-6621 1 Joovili 1 Joovili 2026-04-23 N/A
Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
CVE-2007-6622 1 Zeuscms 1 Zeuscms 2026-04-23 N/A
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CVE-2007-6623 1 Zeuscms 1 Zeuscms 2026-04-23 N/A
Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter.
CVE-2007-6624 1 Pnphpbb 1 Pnphpbb 2026-04-23 N/A
Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.
CVE-2007-6625 1 Novell 1 Identity Manager 2026-04-23 N/A
The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan.
CVE-2007-6162 1 Wsdeluxe 1 Fmdeluxe 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action.
CVE-2007-6163 1 Gouae 1 Dwd Realty 2026-04-23 N/A
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-6164 1 Eurologon 1 Eurologon Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.
CVE-2007-6165 1 Apple 1 Mac Os X 2026-04-23 N/A
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
CVE-2007-6166 2 Apple, Microsoft 5 Mac Os X, Quicktime, Safari and 2 more 2026-04-23 N/A
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
CVE-2007-6167 1 Suse 1 Suse Linux 2026-04-23 N/A
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.
CVE-2007-6168 1 Vu 1 Case Manager 2026-04-23 N/A
SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6169 1 Gouae 1 Dwd Realty 2026-04-23 N/A
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.