Export limit exceeded: 349503 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349503 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4755 | 1 Cor Entertainment | 1 Alien Arena 2007 | 2026-04-23 | N/A |
| Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries. | ||||
| CVE-2007-4742 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence. | ||||
| CVE-2007-4741 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4740 | 1 Telecom Italy | 1 Alice Messenger | 2026-04-23 | N/A |
| The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method. | ||||
| CVE-2007-4737 | 1 Speedtech | 1 Stphplibrary | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php. | ||||
| CVE-2007-4736 | 1 Cartkeeper | 1 Ckgold Shopping Cart | 2026-04-23 | N/A |
| SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | ||||
| CVE-2007-4735 | 1 Next Generation Software | 1 Virtual Dj \(vdj\) | 2026-04-23 | N/A |
| Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file. | ||||
| CVE-2007-4734 | 1 Ots Labs | 1 Otsturntables | 2026-04-23 | N/A |
| Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file. | ||||
| CVE-2007-4733 | 1 Aztech | 1 Dsl 600eu Router | 2026-04-23 | N/A |
| The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077. | ||||
| CVE-2007-4732 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function. | ||||
| CVE-2007-4731 | 1 Trend Micro | 1 Serverprotect | 2026-04-23 | N/A |
| Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005. | ||||
| CVE-2007-1145 | 1 Kayako | 1 Esupport | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842. | ||||
| CVE-2007-4289 | 1 Sun | 1 Java System Portal Server | 2026-04-23 | N/A |
| Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. | ||||
| CVE-2007-4291 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption. | ||||
| CVE-2007-4292 | 1 Cisco | 1 Ios | 2026-04-23 | N/A |
| Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249. | ||||
| CVE-2007-4301 | 1 Webcart | 1 Webcart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-4314 | 1 Pixlie | 1 Pixlie | 2026-04-23 | N/A |
| pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. NOTE: this can be leveraged for traffic amplification or other denial of service. | ||||
| CVE-2006-5223 | 1 Nivisec | 1 User Viewed Posts Tracker | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_user_viewed_posts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-4317 | 1 Zyxel | 2 Zynos, Zywall 2 | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters. | ||||
| CVE-2007-4318 | 1 Zyxel | 2 Zynos, Zywall 2 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter. | ||||