LiveActive security incident?Get immediate response
CVE archive

April 2007

Browse CVE records published in April 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 639 matching CVEs · Page 4 of 13.

Unknown · CVSS Not scored

CVE-2007-2266: Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by...

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.

Published Apr 25, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2267: Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenti...

Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1.

Published Apr 25, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2260: Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execut...

Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.

Published Apr 25, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2255: Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execu...

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW.

Published Apr 25, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2212: Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allo...

Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Apr 24, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2197: Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk....

Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.

Published Apr 24, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2185: Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbi...

Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php.

Published Apr 24, 2007 · Updated Aug 7, 2024