Export limit exceeded: 346711 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346711 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2773 | 1 Zomplog | 1 Zomplog | 2026-04-23 | N/A |
| SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter. | ||||
| CVE-2007-2772 | 1 Ca | 1 Brightstor Arcserve Backup | 2026-04-23 | N/A |
| (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. | ||||
| CVE-2007-2839 | 1 Debian | 1 Gfax | 2026-04-23 | N/A |
| gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors. | ||||
| CVE-2007-2814 | 1 Pegasus | 1 Imagn Activex Control | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions. | ||||
| CVE-2008-5269 | 1 Powie | 1 Psys | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter. | ||||
| CVE-2007-2827 | 1 Lead Technologies | 1 Leadtools Isis Activex Control | 2026-04-23 | N/A |
| Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName property. | ||||
| CVE-2007-2828 | 1 Johntp | 1 Adsense-deluxe | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. | ||||
| CVE-2007-2829 | 1 Madwifi | 1 Madwifi | 2026-04-23 | N/A |
| The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. | ||||
| CVE-2007-2832 | 1 Cisco | 1 Call Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors. | ||||
| CVE-2007-2833 | 3 Debian, Gnu, Mandrakesoft | 4 Debian Linux, Emacs, Mandrake Linux and 1 more | 2026-04-23 | N/A |
| Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | ||||
| CVE-2007-2835 | 2 Debian, Unicon-imc2 | 2 Debian Linux, Unicon-imc2 | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable. | ||||
| CVE-2007-2836 | 1 Hiki | 1 Hiki | 2026-04-23 | N/A |
| Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout. | ||||
| CVE-2007-2837 | 2 Debian, Fireflier | 2 Debian Linux, Fireflier | 2026-04-23 | N/A |
| The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file. | ||||
| CVE-2007-2838 | 2 Debian, Gsambad | 2 Debian Linux, Gsambad | 2026-04-23 | N/A |
| The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file. | ||||
| CVE-2007-2844 | 1 Php | 1 Php | 2026-04-23 | N/A |
| PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access. | ||||
| CVE-2007-2845 | 1 Avast | 1 Avast Antivirus | 2026-04-23 | N/A |
| Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around". | ||||
| CVE-2007-2846 | 2 Avas\!t, Avast\! | 2 Avast\! Antivirus, Avast\! Antivirus | 2026-04-23 | N/A |
| Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted SIS archive, resulting from an "integer cast around." | ||||
| CVE-2007-2847 | 1 Hlstats | 1 Hlstats | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812. | ||||
| CVE-2007-2848 | 1 Sky Software | 2 Shcombobox Activex Control, Shell Megapack Activex | 2026-04-23 | N/A |
| Stack-based buffer overflow in the SetPath function in the shComboBox ActiveX control (shcmb80.ocx) in Sky Software Shell MegaPack ActiveX 8.0 allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2849 | 1 Knowledgetree Document Management | 1 Knowledgetree Document Management | 2026-04-23 | N/A |
| KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check. | ||||