Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4370 1 Racer 1 Racer 2026-04-23 N/A
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
CVE-2007-4376 1 Szymon Kosok 1 Best Top List 2026-04-23 N/A
Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/.
CVE-2007-4380 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer.
CVE-2007-4394 2 Novell, Suse 2 Suse Linux, Suse Linux 2026-04-23 N/A
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
CVE-2007-4397 6 Irssi, Kristof Korwisi, Mikachu and 3 more 7 Irssi, Ixmmsa, L33t Xmms Music Showing Script and 4 more 2026-04-23 N/A
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2007-4399 1 Irssi 1 Irssi 2026-04-23 N/A
CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2006-7028 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error.
CVE-2007-3312 1 Efstratios Geroulis 1 Jasmine Cms 2026-04-23 N/A
Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
CVE-2007-4400 1 Konversation 1 Konversation 2026-04-23 N/A
CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2007-4401 1 Mirc 1 Advanced Integration Plugin 2026-04-23 N/A
Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2007-4208 1 Morgan Ids 1 Next Gen Portfolio Manager 2026-04-23 N/A
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.
CVE-2007-4406 1 Universal Ircd 1 Ircu 2026-04-23 N/A
ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.
CVE-2007-4205 2 Bluecat Networks, Linux-ha 2 Adonis, Heartbeat 2026-04-23 N/A
XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121.
CVE-2007-4410 1 Universal Ircd 1 Ircu 2026-04-23 N/A
ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.
CVE-2007-4418 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details.
CVE-2007-4412 1 Headstart Solutions 1 Deskpro 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side."
CVE-2007-4413 1 Headstart Solutions 1 Deskpro 2026-04-23 N/A
Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter.
CVE-2007-4414 1 Cisco 1 Vpn Client 2026-04-23 N/A
Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.
CVE-2006-6476 1 Mandiant 1 First Response 2026-04-23 N/A
FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of daemon operation).
CVE-2007-4431 1 Apple 1 Safari 2026-04-23 N/A
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."