Search Results (363020 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6573 1 Qksoft 1 Qk Smtp Server 3 2026-04-23 N/A
QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551.
CVE-2007-6572 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
CVE-2007-6571 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
CVE-2007-6570 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
CVE-2007-6566 1 Xzero Scripts 1 Xzero Community Classifieds 2026-04-23 N/A
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
CVE-2007-6565 1 Blakord 1 Blakord Portal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component.
CVE-2007-6564 1 Limbo Cms 1 Limbo Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
CVE-2007-6547 1 Runcms 1 Runcms 2026-04-23 N/A
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.
CVE-2007-6546 1 Runcms 1 Runcms 2026-04-23 N/A
RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
CVE-2007-6545 1 Runcms 1 Runcms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php.
CVE-2007-6544 1 Runcms 1 Runcms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
CVE-2007-6543 1 Esyndicat 1 Esyndicat Link Exchange 2026-04-23 N/A
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6549 1 Runcms 1 Runcms 2026-04-23 N/A
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using."
CVE-2007-6250 2 Aol, Microsoft 2 Aolmediaplaybackcontrol, Ampx 2026-04-23 N/A
Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.
CVE-2007-6252 1 Learn2 1 Strunner 2026-04-23 N/A
Multiple stack-based buffer overflows in the Learn2 Corporation STRunner (aka Street Technologies) ActiveX control in iestm32.dll allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-6279 1 Flac 1 Libflac 2026-04-23 N/A
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
CVE-2007-6281 1 Stbernard 1 Open File Manager 2026-04-23 N/A
Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request.
CVE-2007-6282 1 Redhat 3 Enterprise Linux, Enterprise Linux Desktop, Enterprise Mrg 2026-04-23 N/A
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
CVE-2007-6284 3 Debian, Mandrakesoft, Redhat 5 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more 2026-04-23 N/A
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
CVE-2007-6286 1 Apache 1 Tomcat 2026-04-23 N/A
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.