Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5568 1 Ipn-mate 1 Ipn Pro 3 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters.
CVE-2007-3530 1 Phpdirector 1 Phpdirector 2026-04-23 N/A
PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file.
CVE-2008-5569 1 Phpeppershop 1 Phpeppershop 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
CVE-2007-3541 1 Kurinton 1 Shttpd 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3545 1 Warzone 1 Warzone 2100 Resurrection 2026-04-23 N/A
Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename when setting background music.
CVE-2007-3552 1 Bbs100 1 Bbs100 2026-04-23 N/A
Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. NOTE: some details were obtained from third party information.
CVE-2007-3554 1 Hp 1 Instant Support 2026-04-23 N/A
Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.
CVE-2008-5580 1 Mini-pub 1 Mini-pub 2026-04-23 N/A
mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument.
CVE-2008-5581 1 Mini-pub 1 Mini-pub 2026-04-23 N/A
PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.
CVE-2008-5584 1 Projectpier 1 Projectpier 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php.
CVE-2007-3570 1 Novell 1 Access Manager 2026-04-23 N/A
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.
CVE-2008-5658 1 Php 1 Php 2026-04-23 N/A
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
CVE-2007-3600 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.
CVE-2007-3607 1 Sap 1 Enjoysap 2026-04-23 N/A
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.
CVE-2007-3608 1 Sap 1 Enjoysap 2026-04-23 N/A
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
CVE-2007-3609 1 Emeeting 1 Online Dating Software 2026-04-23 N/A
Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors.
CVE-2007-3610 1 Vastal I-tech 1 Phpvid 2026-04-23 N/A
SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-3611 1 Vrnews 1 Vrnews 2026-04-23 N/A
admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.
CVE-2007-3612 1 Visual Irc 1 Visual Irc 2026-04-23 N/A
Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command.
CVE-2007-3617 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.