Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2765 1 Ac Zoom 1 Blockhosts 2026-04-23 N/A
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301.
CVE-2007-2773 1 Zomplog 1 Zomplog 2026-04-23 N/A
SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter.
CVE-2007-2777 1 Alstrasoft 1 Template Seller 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.
CVE-2007-2792 1 Com Yanc 1 Com Yanc 2026-04-23 N/A
SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2007-2796 1 Arris 1 Cadant C3 Cmts 2026-04-23 N/A
Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option.
CVE-2007-2833 3 Debian, Gnu, Mandrakesoft 4 Debian Linux, Emacs, Mandrake Linux and 1 more 2026-04-23 N/A
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
CVE-2006-7124 1 Joomla 1 Bsq Sitestats 2026-04-23 N/A
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.
CVE-2007-2843 1 Apple 1 Safari 2026-04-23 N/A
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.
CVE-2007-2845 1 Avast 1 Avast Antivirus 2026-04-23 N/A
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around".
CVE-2007-2852 1 Eset Software 1 Nod32 Antivirus 2026-04-23 N/A
Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name.
CVE-2006-7128 1 Salims Softhouse 1 Jaf Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
CVE-2007-2857 1 Zakkis Technology Corporation 1 Php Excel Parser 2026-04-23 N/A
PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter.
CVE-2007-2862 1 Devellion 1 Cubecart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.
CVE-2007-2866 1 Phpecho Cms 1 Phpecho Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information.
CVE-2007-2869 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
CVE-2007-2873 2 Redhat, Spamassassin 2 Enterprise Linux, Spamassassin 2026-04-23 N/A
SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.
CVE-2007-2881 1 Sun 1 Java System Web Proxy Server 2026-04-23 N/A
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
CVE-2007-2886 1 Nortel 1 Communications Server 2026-04-23 N/A
Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.
CVE-2007-2887 1 Forsnet 1 Web Icerik Yonetim Sistemi 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page.
CVE-2007-1266 1 Gnome 1 Evolution 2026-04-23 N/A
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.