Search Results (367077 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3087 1 Peercast 1 Peercast 2026-04-23 N/A
Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information.
CVE-2007-2521 1 E-gads 1 E-gads 2026-04-23 N/A
PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter.
CVE-2007-1304 1 Savas Place 1 Savas Guestbook 2026-04-23 N/A
Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.
CVE-2007-2520 1 Frank Mancuso 1 Mynews 2026-04-23 N/A
SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.
CVE-2007-1303 1 Rrdbrowse 1 Rrdbrowse 2026-04-23 N/A
Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-2519 1 Php Group 1 Pear 2026-04-23 N/A
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
CVE-2007-1302 1 Li-scripts 1 Li-guestbook 2026-04-23 N/A
SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.
CVE-2007-3668 1 Numedia Soft Inc 1 Nmsdvdx Dvd Burning Sdk 2026-04-23 N/A
Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVDX allow remote attackers to cause a denial of service via "improperly initialized" (1) LoadSegmentWord, (2) PartitionType, (3) SectorCount, and (4) BootFilePath variables.
CVE-2007-3528 1 Dar 1 Dar 2026-04-23 N/A
The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.
CVE-2007-3355 1 Scriptdevelopers.net 1 Netclassifieds 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3086 1 Agnitum 1 Outpost Firewall 2026-04-23 N/A
Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex.
CVE-2007-2491 1 Vmware 2 Server, Workstation 2026-04-23 N/A
The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.
CVE-2007-3070 1 Bdigital Web Solutions 1 Webstudio Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.
CVE-2007-3507 1 Flac123 1 Flac123 2026-04-23 N/A
Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length.
CVE-2007-3660 1 Nonnoi Solutions 1 Asp Barcode 2026-04-23 N/A
The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function.
CVE-2007-3750 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2026-04-23 N/A
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
CVE-2006-5433 1 Timm Maass 1 Alice Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[local_root] parameter.
CVE-2007-3071 1 Digital River 1 Esellerate Sdk 2026-04-23 N/A
Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
CVE-2007-3337 1 Ingres 1 Database Server 2026-04-23 N/A
wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.
CVE-2007-3508 1 Gentoo 1 Glibc 2026-04-23 N/A
Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution