Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2278 1 Dcp-portal 1 Dcp-portal 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the cfgfile_to_load parameter to admin/phpMyAdmin/libraries/common.lib.php.
CVE-2007-2282 1 Cisco 1 Netflow Collection Engine 2026-04-23 N/A
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.
CVE-2007-2286 1 Built2go 1 Php Link Portal 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter.
CVE-2007-2287 1 Comus 1 Comus 2026-04-23 N/A
PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
CVE-2007-2294 1 Asterisk 1 Asterisk 2026-04-23 N/A
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
CVE-2007-2304 1 Qdblog 1 Qdblog 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files.
CVE-2007-2306 1 Vwar 1 Virtual War 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php.
CVE-2007-2312 1 Vwar 1 Virtual War 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.
CVE-2007-2313 1 Mxbb 1 Mx Shotcast 2026-04-23 N/A
PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
CVE-2007-2315 1 Minishare 1 Minimal Http Server 2026-04-23 N/A
MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections.
CVE-2007-2317 2 Minibb, Tosmo Mambo 2 Minibb, Tosmo Mambo 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.
CVE-2007-2683 2 Mutt, Redhat 2 Mutt, Enterprise Linux 2026-04-23 N/A
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
CVE-2007-2321 1 Silverstripe 1 Silverstripe 2026-04-23 N/A
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.
CVE-2007-2420 1 Burak Yilmaz 1 Burak Yilmaz Blog 2026-04-23 N/A
SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2421 1 Hitachi 1 Groupmax Mobile Option 2026-04-23 N/A
Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-2422 1 Comdev 1 Modules Builder 2026-04-23 9.8 Critical
Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string
CVE-2007-2429 1 Manageengine 1 Passwordmanager Pro 2026-04-23 N/A
ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2432 1 Nukedit 1 Nukedit 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2743 1 Glossword 1 Glossword 2026-04-23 N/A
PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter.
CVE-2007-2434 1 Aventail 1 Aventail Connect 2026-04-23 N/A
Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed DNS query.