Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1569 1 Newsbin Pro 1 Newsbin Pro 2026-04-23 N/A
Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information.
CVE-2007-4889 1 Php 2 Mysql Extension, Php 2026-04-23 N/A
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
CVE-2007-1587 1 Tim Soderstrom 1 Statsdawg 2026-04-23 N/A
templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the program name in the qshapeLocation parameter.
CVE-2007-1595 1 Asterisk 1 Asterisk 2026-04-23 N/A
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
CVE-2007-1614 1 Zziplib 1 Zziplib 2026-04-23 N/A
Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename.
CVE-2007-1602 1 Weekly Drawing Contest 1 Weekly Drawing Contest 2026-04-23 N/A
SQL injection vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2007-1603 1 Weekly Drawing Contest 1 Weekly Drawing Contest 2026-04-23 N/A
admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request.
CVE-2007-1609 1 Oracle 1 Application Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563.
CVE-2007-1610 1 Glue Software 1 Newsglue 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.
CVE-2007-1612 1 Katalog Plyt Audio 1 Katalog Plyt Audio 2026-04-23 N/A
SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter.
CVE-2007-1638 1 Phpprojekt 1 Phpprojekt 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files.
CVE-2007-1665 2 Debian, Ekg 2 Debian Linux, Ekg 2026-04-23 N/A
Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
CVE-2007-4461 1 Nufw 1 Nufw 2026-04-23 N/A
NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain "out of period" choices of packet transmission time.
CVE-2007-1691 1 Second Sight Software 1 Activemod 2026-04-23 N/A
Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX control (ActiveMod.ocx) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-4427 1 Intersystems 1 Cache Database 2026-04-23 N/A
Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116.
CVE-2007-1722 1 Signkorea 1 Skcommax Activex Control 2026-04-23 N/A
Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument.
CVE-2007-1724 1 Reactos 1 Reactos 2026-04-23 N/A
Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures.
CVE-2007-1726 1 Icebb 1 Icebb 2026-04-23 N/A
Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.
CVE-2007-1805 1 Myxoops 1 Debaser 2026-04-23 N/A
SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter.
CVE-2007-1806 1 Red Mexico 1 Rm\+soft Gallery 2026-04-23 N/A
SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmgallery) 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the idcat parameter.