Export limit exceeded: 367077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367077 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3661 1 Eltima Software 1 Virtual Serial Port 2026-04-23 N/A
Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DLL) allows remote attackers to cause a denial of service via certain function calls, as demonstrated via the (1) Attach, (2) Write, and (3) WriteStr functions.
CVE-2007-1244 1 Wordpress 1 Wordpress 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
CVE-2007-2493 1 Mxbb 2 Mxbb Faq, Mxbb Rules 2026-04-23 N/A
PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2007-3072 1 Mozilla 1 Firefox 2026-04-23 N/A
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.
CVE-2007-3338 1 Ingres 1 Database Server 2026-04-23 N/A
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
CVE-2007-1245 1 Irfanview 1 Irfanview 2026-04-23 N/A
IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.
CVE-2007-3073 3 Apple, Mozilla, Unix 3 Mac Os X, Firefox, Unix 2026-04-23 N/A
Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.
CVE-2007-3509 1 Symantec 1 Veritas Backup Exec 2026-04-23 N/A
Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.
CVE-2007-3662 1 Media Player Classic 1 Media Player Classic 2026-04-23 N/A
Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file.
CVE-2006-5437 1 Phpadsnew 1 Phpadsnew 2026-04-23 N/A
Directory traversal vulnerability in upgrade.php in phpAdsNew 2.0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the phpAds_config[language] parameter. NOTE: this issue could not be reproduced by a third party
CVE-2007-1246 1 Mplayer 1 Mplayer 2026-04-23 N/A
The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.
CVE-2007-2495 1 Office Ocx 1 Excel Viewer Ocx 2026-04-23 N/A
Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information.
CVE-2007-3074 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.
CVE-2007-1247 1 Aweb Labs 1 Awebnews 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.
CVE-2007-3075 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences.
CVE-2007-3344 1 Netjukebox 1 Netjukebox 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php. NOTE: the attack also reveals the installation path.
CVE-2007-1248 1 Built2go 1 News Manager Blog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.
CVE-2007-2497 1 Realnetworks 1 Realplayer 2026-04-23 N/A
RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct.
CVE-2007-3076 1 Zenturi 1 Zenturi Programchecker 2026-04-23 N/A
A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function.
CVE-2007-3352 1 Stephen Ostermiller 1 Contact Form 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe.