Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7162 1 Putty 1 Putty 2026-04-23 N/A
PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.
CVE-2007-2796 1 Arris 1 Cadant C3 Cmts 2026-04-23 N/A
Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option.
CVE-2007-2833 3 Debian, Gnu, Mandrakesoft 4 Debian Linux, Emacs, Mandrake Linux and 1 more 2026-04-23 N/A
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
CVE-2006-7124 1 Joomla 1 Bsq Sitestats 2026-04-23 N/A
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.
CVE-2007-2843 1 Apple 1 Safari 2026-04-23 N/A
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.
CVE-2007-2845 1 Avast 1 Avast Antivirus 2026-04-23 N/A
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around".
CVE-2007-2852 1 Eset Software 1 Nod32 Antivirus 2026-04-23 N/A
Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name.
CVE-2006-7128 1 Salims Softhouse 1 Jaf Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
CVE-2007-2887 1 Forsnet 1 Web Icerik Yonetim Sistemi 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page.
CVE-2007-1266 1 Gnome 1 Evolution 2026-04-23 N/A
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVE-2007-2895 1 Lead Technologies 1 Leadtools Raster Dialog File Object 2026-04-23 N/A
Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value.
CVE-2007-2915 1 Rm Easymail 1 Rm Easymail Plus 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email.
CVE-2007-2779 1 Libstats 1 Libstats 2026-04-23 N/A
PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter.
CVE-2007-3002 1 Php Jackknife 1 Php Jackknife 2026-04-23 N/A
PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages.
CVE-2007-3009 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2026-04-23 N/A
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
CVE-2007-3011 1 Fujitsu 1 Serverview 2026-04-23 N/A
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.
CVE-2007-3014 1 Activeweb 1 Contentserver 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).
CVE-2007-3023 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
CVE-2007-3027 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more 2026-04-23 N/A
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
CVE-2007-5804 1 Ibm 1 Aix 2026-04-23 N/A
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.