Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4932 1 Shop-script 1 Shop-script 2026-04-23 N/A
admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel.
CVE-2007-0661 1 Intel 9 Enterprise Southbridge 2 Bmc, Enterprise Southbridge Bmc, Server Board S5000pal and 6 more 2026-04-23 N/A
Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service.
CVE-2009-2193 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
CVE-2007-4934 1 Phpffl 1 Phpffl 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.
CVE-2007-4936 1 Office Efficiencies 1 Safesquid 2026-04-23 N/A
Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has unknown impact and attack vectors, related to a "serious security flaw," possibly specific to Linux.
CVE-2008-2538 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.
CVE-2007-4938 11 Apple, Hp, Ibm and 8 more 18 Mac Os X, Hp-ux, Tru64 and 15 more 2026-04-23 N/A
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
CVE-2007-4940 3 Guliverkli, Mympc, Verycd 3 Media Player Classic, Cd-storm, Stormplayer 2026-04-23 N/A
Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values.
CVE-2007-4944 1 Opera 1 Opera Browser 2026-04-23 N/A
The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.
CVE-2008-4057 1 Objective Development 1 Sharity 2026-04-23 N/A
Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem."
CVE-2007-4945 1 Jasmine Technologies 1 Lettergrade 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other unspecified vectors related to the calendar. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4946 1 Jasmine Technologies 1 Lettergrade 2026-04-23 N/A
LetterGrade allows remote attackers to obtain sensitive information (installation path or account existence) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4947 1 Myphppagetool 1 Myphppagetool 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to (1) help1.php, (2) help2.php, (3) help3.php, (4) help4.php, (5) help5.php, (6) help6.php, (7) help7.php, (7) help8.php, (8) help9.php, or (10) index.php in doc/admin/.
CVE-2007-4948 1 Webmedia Explorer 1 Webmedia Explorer 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss.class.php, (2) a URL in the path_template parameter to (a) templates/main.tpl.php or (b) templates/folder_messages_link_message_name.tpl.php, or (4) a URL in the path_templates parameter to templates/sidebar.tpl.php. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess support. NOTE: the includes/core.lib.php vector is already covered by CVE-2006-5252.
CVE-2007-4952 1 Omnistar Interactive 1 Omnistar Article Manager 2026-04-23 N/A
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.
CVE-2007-4953 1 Simpcms 1 Simpcms 2026-04-23 N/A
SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action.
CVE-2007-4954 1 Joomla 1 Joom12pic Component 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-4955 1 Joomla 1 Flash Fun Component 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2008-4059 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
CVE-2007-4958 1 Tinywebgallery 1 Tinywebgallery 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.