Export limit exceeded: 29943 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29943 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4335 | 1 Qbik | 1 Wingate | 2026-04-23 | N/A |
| Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging. | ||||
| CVE-2007-4341 | 1 Omnistar | 1 Lib2 Php Library | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | ||||
| CVE-2007-4141 | 1 Openrat | 1 Openrat Cms | 2026-04-23 | N/A |
| OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain sensitive information via a request containing an XSS sequence in the action parameter to index.php, which reveals the path in an error message. | ||||
| CVE-2007-4143 | 1 Phpcoupon | 1 Phpcoupon | 2026-04-23 | N/A |
| user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPal transactions. | ||||
| CVE-2007-4360 | 1 Dell | 1 Remote Access Card | 2026-04-23 | N/A |
| Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability. | ||||
| CVE-2007-3983 | 1 Datadynamics | 1 Activereports | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to the SaveLayout method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4362 | 1 Prozilla | 1 Webring | 2026-04-23 | N/A |
| SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2007-4363 | 1 Drupal | 1 Content Construction Kit | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. | ||||
| CVE-2007-4366 | 1 Wengo | 1 Wengophone | 2026-04-23 | N/A |
| WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | ||||
| CVE-2007-3984 | 1 Zenturi | 1 Zenturi Programchecker | 2026-04-23 | N/A |
| Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987. | ||||
| CVE-2007-1267 | 1 Sylpheed | 1 Sylpheed | 2026-04-23 | N/A |
| Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | ||||
| CVE-2007-4375 | 1 Diskeeper | 1 Diskeeper | 2026-04-23 | N/A |
| The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address. | ||||
| CVE-2007-4377 | 1 Netwin | 1 Surgemail | 2026-04-23 | N/A |
| Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372. | ||||
| CVE-2007-4167 | 1 Al-caricatier | 1 Al-caricatier | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in cat_viewed.php in AL-Caricatier 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter. | ||||
| CVE-2007-3985 | 1 Securecomputing | 1 Securityreporter | 2026-04-23 | N/A |
| Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter. | ||||
| CVE-2007-4379 | 1 Rndlabs | 1 Babo Violent | 2026-04-23 | N/A |
| Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a denial of service (application crash) via (1) a value greater than 0x27 for the (a) 0xca, (b) 0xcb, (c) 0xcc, (d) 0xce, (e) 0xcf, or (f) 0xd0 data ID; (2) a nonexistent map name; or (3) a UDP packet that specifies a large data size. | ||||
| CVE-2007-4170 | 1 Al-athkar | 1 Al-athkar | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php. | ||||
| CVE-2007-4382 | 1 Counterpath | 1 X-lite | 2026-04-23 | N/A |
| CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | ||||
| CVE-2007-4392 | 1 Nullsoft | 1 Winamp | 2026-04-23 | N/A |
| Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself. | ||||
| CVE-2007-3924 | 2 Microsoft, Netscape | 2 Internet Explorer, Navigator | 2026-04-23 | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE. | ||||