Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2707 1 Linksnet 1 Newsfeed 2026-04-23 N/A
PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter.
CVE-2007-2708 1 Feindt Computerservice 1 News-script 2026-04-23 N/A
PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
CVE-2007-2725 1 Db Soft Lab 1 Dewizardx 2026-04-23 N/A
The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function.
CVE-2007-2726 1 Bitscast 1 Bitscast 2026-04-23 N/A
BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns.
CVE-2007-2729 1 Comodo 2 Comodo Firewall Pro, Comodo Personal Firewall 2026-04-23 N/A
Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
CVE-2007-3475 2 Gd Graphics Library, Redhat 2 Gdlib, Enterprise Linux 2026-04-23 N/A
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
CVE-2007-2732 1 Jetbox 1 Jetbox Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/.
CVE-2007-2739 1 Xajax 1 Xajax 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-2740 1 Xajax 1 Xajax 2026-04-23 N/A
Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS.
CVE-2007-3260 1 Hp 1 System Management Homepage 2026-04-23 N/A
HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.
CVE-2007-2757 1 Dean J Robinson 1 Redoable 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php.
CVE-2007-2758 1 Winimage 1 Winimage 2026-04-23 N/A
Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal.
CVE-2007-0822 1 Linux 1 Linux Kernel 2026-04-23 N/A
umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.
CVE-2007-2489 1 Livedata 1 Protocol Server 2026-04-23 N/A
Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call.
CVE-2007-2772 1 Ca 1 Brightstor Arcserve Backup 2026-04-23 N/A
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.
CVE-2007-2773 1 Zomplog 1 Zomplog 2026-04-23 N/A
SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter.
CVE-2007-2194 1 Gentoo 1 Xnview 2026-04-23 N/A
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
CVE-2007-2839 1 Debian 1 Gfax 2026-04-23 N/A
gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.
CVE-2007-0648 1 Cisco 1 Ios 2026-04-23 N/A
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
CVE-2007-4230 1 Jems Scripts 1 Bellabiblio 2026-04-23 N/A
BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash