Export limit exceeded: 29942 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29942 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3467 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | N/A |
| Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate. | ||||
| CVE-2007-3492 | 1 Conti | 1 Ftpserver | 2026-04-23 | N/A |
| Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command. | ||||
| CVE-2007-3513 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). | ||||
| CVE-2007-3535 | 1 Frank Karau | 1 Gl-sh Deaf Forum | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php. | ||||
| CVE-2007-3554 | 1 Hp | 1 Instant Support | 2026-04-23 | N/A |
| Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function. | ||||
| CVE-2007-3572 | 1 Yoggie | 2 Pico, Pico Pro | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences). | ||||
| CVE-2007-3589 | 1 B1g | 1 B1gbb | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php. | ||||
| CVE-2007-4135 | 2 Nfsv4, Redhat | 2 Nfsidmap, Enterprise Linux | 2026-04-23 | N/A |
| The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client. | ||||
| CVE-2007-4156 | 1 Woliocms | 1 Woliocms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php. | ||||
| CVE-2007-4178 | 1 Amg Soft | 1 Webdirector | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter. | ||||
| CVE-2007-4197 | 1 Brian Carrier | 1 The Slueth Kit | 2026-04-23 | N/A |
| icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL pointer checks in certain code paths, which allows user-assisted remote attackers to cause a denial of service (NULL dereference and application crash) and prevent examination of certain NTFS files via a malformed NTFS image. | ||||
| CVE-2007-4231 | 1 Idevspot | 1 Phphostbot | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776. | ||||
| CVE-2007-4248 | 1 Toolbar Gaming | 1 Toolbar Gaming | 2026-04-23 | N/A |
| The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | ||||
| CVE-2007-4270 | 1 Ibm | 1 Db2 Universal Database | 2026-04-23 | N/A |
| Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files. | ||||
| CVE-2007-4294 | 1 Cisco | 2 Ios, Unified Communications Manager | 2026-04-23 | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. | ||||
| CVE-2007-4317 | 1 Zyxel | 2 Zynos, Zywall 2 | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters. | ||||
| CVE-2007-4334 | 1 Php-stats | 1 Php-stats | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter. | ||||
| CVE-2007-4363 | 1 Drupal | 1 Content Construction Kit | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. | ||||
| CVE-2007-4382 | 1 Counterpath | 1 X-lite | 2026-04-23 | N/A |
| CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | ||||
| CVE-2007-5500 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||