Export limit exceeded: 29907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3536 | 1 Amx | 1 Netlinx Vnc Activex Control | 2026-04-23 | N/A |
| Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values. | ||||
| CVE-2007-3544 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. | ||||
| CVE-2007-3547 | 1 Qt-cute | 1 Quickticket | 2026-04-23 | N/A |
| Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter. | ||||
| CVE-2007-3548 | 1 W3filer | 1 W3filer | 2026-04-23 | N/A |
| Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file. | ||||
| CVE-2007-3549 | 1 Vastal I-tech | 1 Buddy Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2007-4369 | 1 Sote | 1 Soteesklep | 2026-04-23 | N/A |
| Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2007-4370 | 1 Racer | 1 Racer | 2026-04-23 | N/A |
| Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000. | ||||
| CVE-2007-4371 | 1 Hotscripts | 1 Neuron Blog | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/. | ||||
| CVE-2007-4380 | 1 Symantec | 1 Altiris Deployment Solution | 2026-04-23 | N/A |
| Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer. | ||||
| CVE-2007-4405 | 1 Universal Ircd | 1 Ircu | 2026-04-23 | N/A |
| ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels). | ||||
| CVE-2007-4396 | 1 Irssi | 1 Irssi | 2026-04-23 | N/A |
| Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | ||||
| CVE-2007-4399 | 1 Irssi | 1 Irssi | 2026-04-23 | N/A |
| CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | ||||
| CVE-2007-4400 | 1 Konversation | 1 Konversation | 2026-04-23 | N/A |
| CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | ||||
| CVE-2007-4427 | 1 Intersystems | 1 Cache Database | 2026-04-23 | N/A |
| Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116. | ||||
| CVE-2007-4428 | 1 Lhaz | 1 Lhaz | 2026-04-23 | N/A |
| Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116. | ||||
| CVE-2006-5140 | 1 Lappy512 | 1 Php Krazy Image Host Script | 2026-04-23 | N/A |
| SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-4431 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking." | ||||
| CVE-2006-5141 | 1 Kevin A. Gordon | 1 Open Geo Targeting | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-4448 | 1 Toribash | 1 Toribash | 2026-04-23 | N/A |
| The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1. | ||||
| CVE-2006-5147 | 1 Vamp Webmail | 1 Vamp Webmail | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter. | ||||