Export limit exceeded: 362832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362832 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5713 2 Amxmodx, Valve Software 2 Amx Mod X, Half-life Dedicated Server 2026-04-23 N/A
Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for Half-Life Server might allow attackers to execute arbitrary code or cause a denial of service via unspecified input related to geolocation, which triggers an error message from the (1) geoip_code2 or (2) geoip_code3 function, leading to a buffer overflow.
CVE-2007-5751 1 Liferea 1 Liferea 2026-04-23 N/A
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.
CVE-2007-5752 1 Agtc Websolutions 1 Php-agtc Membership System 2026-04-23 N/A
adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.
CVE-2007-5841 1 Nuboard 1 Nuboard 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
CVE-2007-5945 1 Usvn 1 User-friendly Svn 2026-04-23 N/A
USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.
CVE-2007-5853 1 Apple 1 Mac Os X 2026-04-23 N/A
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
CVE-2007-5854 1 Apple 1 Mac Os X 2026-04-23 N/A
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
CVE-2007-5855 1 Apple 1 Mac Os X 2026-04-23 N/A
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.
CVE-2007-5893 1 Alhem 1 C\+\+ Sockets Library 2026-04-23 N/A
HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party information.
CVE-2007-5894 1 Mit 1 Kerberos 5 2026-04-23 N/A
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.
CVE-2007-5896 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI.
CVE-2007-5901 3 Apple, Mit, Redhat 4 Mac Os X, Mac Os X Server, Kerberos 5 and 1 more 2026-04-23 N/A
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
CVE-2007-5904 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.
CVE-2007-5910 4 Activepdf, Autonomy, Ibm and 1 more 6 Docconverter, Keyview Export Sdk, Keyview Filter Sdk and 3 more 2026-04-23 N/A
Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file.
CVE-2007-5912 1 Jportal 1 Jportal Web Portal 2026-04-23 N/A
SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
CVE-2006-5292 1 Exhibit Engine 1 Exhibit Engine 2026-04-23 N/A
PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2007-1161 1 Call Center Software 1 Call Center Software 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.
CVE-2007-5931 1 Orangehrm 1 Orangehrm 2026-04-23 N/A
The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5932 1 Fatwire 1 Fatwire Content Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components.
CVE-2007-1162 1 Common Controls Replacement Project 1 Browsedialog Server 2026-04-23 N/A
A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371.