Export limit exceeded: 349337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349337 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1956 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-23 | N/A |
| SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter. | ||||
| CVE-2007-1948 | 1 Irfanview | 1 Irfanview | 2026-04-23 | N/A |
| Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp. | ||||
| CVE-2007-1954 | 1 Archivexpert | 1 Archivexpert | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file. | ||||
| CVE-2007-1953 | 1 Onelook | 1 Courts Online | 2026-04-23 | N/A |
| Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||
| CVE-2007-1952 | 1 Onelook | 1 Onebyone Cms | 2026-04-23 | N/A |
| Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||
| CVE-2007-1951 | 1 Onelook | 1 Oboshop | 2026-04-23 | N/A |
| Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | ||||
| CVE-2007-1950 | 1 Webblizzard | 1 Content Management System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter. | ||||
| CVE-2007-1945 | 5 Hp, Ibm, Linux and 2 more | 9 Hp-ux, Aix, I5os and 6 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors. | ||||
| CVE-2007-1944 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability. | ||||
| CVE-2007-1943 | 1 Acd Systems | 1 Acdsee Photo Manager | 2026-04-23 | N/A |
| Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp. | ||||
| CVE-2007-1942 | 1 Faststone | 1 Image Viewer | 2026-04-23 | N/A |
| Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp. | ||||
| CVE-2007-1922 | 1 Nullsoft | 1 Winamp | 2026-04-23 | N/A |
| The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption. | ||||
| CVE-2007-1524 | 1 Zomplog | 1 Zomplog | 2026-04-23 | N/A |
| Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/. | ||||
| CVE-2007-1525 | 1 Dayfox Designs | 1 Dayfox Blog | 2026-04-23 | N/A |
| Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php. | ||||
| CVE-2007-1671 | 1 Avira | 1 Antivir Personal | 2026-04-23 | N/A |
| avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | ||||
| CVE-2007-1543 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2026-04-23 | N/A |
| Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection. | ||||
| CVE-2007-1544 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2026-04-23 | N/A |
| Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. | ||||
| CVE-2007-1545 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2026-04-23 | N/A |
| The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. | ||||
| CVE-2007-1552 | 1 Metaforum | 1 Metaforum | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension such as .php. | ||||
| CVE-2007-1553 | 1 Guestbara | 1 Guestbara | 2026-04-23 | N/A |
| admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters. | ||||