Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6638 1 March Networks 1 3204 Dvr 2026-04-23 N/A
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
CVE-2007-6639 1 Iptbb Team 1 Iptbb 2026-04-23 N/A
SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action.
CVE-2007-6644 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
CVE-2007-6645 1 Joomla 1 Joomla 2026-04-23 N/A
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
CVE-2007-6653 1 Mihalism 1 Multi Host 2026-04-23 N/A
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-6652 1 Xcms 1 Xcms 2026-04-23 N/A
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).
CVE-2007-6662 1 Cutephp 1 Cutenews 2026-04-23 N/A
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.
CVE-2007-6658 1 Customcms 1 Ccms 2026-04-23 N/A
SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page.
CVE-2007-6661 1 2z Project 1 2z Project 2026-04-23 N/A
2z project 0.9.6.1 allows attackers to change the password without supplying the old password.
CVE-2007-6660 1 2z Project 1 2z Project 2026-04-23 N/A
2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages.
CVE-2007-6673 1 Makale Scripti 1 Makale Scripti 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.
CVE-2007-6670 1 Phpcredo 1 Phcdownload 2026-04-23 N/A
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
CVE-2007-6690 1 Menalto 1 Gallery 2026-04-23 N/A
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
CVE-2007-6692 1 Menalto 1 Gallery 2026-04-23 N/A
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules.
CVE-2007-6689 1 Menalto 1 Gallery 2026-04-23 N/A
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module.
CVE-2007-6688 1 Menalto 1 Gallery 2026-04-23 N/A
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."
CVE-2007-6719 1 Inspector It 1 Wiz-ad 2026-04-23 N/A
SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6725 2 Ghostscript, Redhat 2 Ghostscript, Enterprise Linux 2026-04-23 N/A
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
CVE-2007-6727 1 Max Kervin 1 Kervinet Forum 2026-04-23 N/A
SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows remote attackers to execute arbitrary SQL commands via the forum parameter.
CVE-2008-0002 2 Apache, Redhat 3 Tomcat, Jboss Enterprise Application Platform, Rhel Application Stack 2026-04-23 N/A
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.