Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2970 1 8e6 Technologies 1 R3000 Internet Filter 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2977 1 Domjudge 1 Domjudge 2026-04-23 N/A
Buffer overflow in the receive function in submit/submitcommon.c in the submit daemon in DOMjudge before 2.0.0RC1 allows remote attackers to cause a denial of service or have other unspecified impact. NOTE: some of these details are obtained from third party information.
CVE-2007-3003 1 Mywebland 1 Mybloggie 2026-04-23 N/A
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.
CVE-2007-3030 1 Microsoft 2 Excel, Excel Viewer 2026-04-23 N/A
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
CVE-2007-3152 1 Daniel Stenberg 1 C-ares 2026-04-23 N/A
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.
CVE-2007-3052 1 Postnuke Software Foundation 1 Pnphpbb 2026-04-23 N/A
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVE-2007-3069 1 Sun 1 Solaris 2026-04-23 N/A
xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.
CVE-2007-3100 1 Redhat 2 Enterprise Linux, Open Iscsi 2026-04-23 N/A
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore.
CVE-2007-3267 1 Fuzzylime Forum 1 Fuzzylime Forum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235.
CVE-2007-3406 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-23 N/A
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
CVE-2007-3437 2 Aol, Microsoft 2 Instant Messenger, Windows Xp 2026-04-23 N/A
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
CVE-2007-3459 1 Civiltech 1 Avax Vector Activex 2026-04-23 N/A
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
CVE-2007-3511 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
CVE-2007-3522 1 Sphpell 1 Sphpell 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php.
CVE-2007-3531 1 Gentoo 2 Linux, Nvclock 2026-04-23 N/A
The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
CVE-2007-3559 1 Php-fusion 1 Php-fusion 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.
CVE-2007-3570 1 Novell 1 Access Manager 2026-04-23 N/A
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.
CVE-2007-3689 1 Drupal 1 Print Module 2026-04-23 N/A
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
CVE-2007-3714 1 Ada 1 Imgsvr 2026-04-23 N/A
Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this is probably a different issue than CVE-2004-2464. NOTE: it was later reported that 0.6.21 and earlier is also affected.
CVE-2007-3718 1 Apple 1 Safari 2026-04-23 N/A
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.