Export limit exceeded: 29909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1384 | 1 Joris Guisson | 1 Ktorrent | 2026-04-23 | N/A |
| Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename. | ||||
| CVE-2007-1385 | 1 Joris Guisson | 1 Ktorrent | 2026-04-23 | N/A |
| chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value. | ||||
| CVE-2007-1387 | 1 Mplayer | 1 Mplayer | 2026-04-23 | N/A |
| The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246. | ||||
| CVE-2007-1390 | 1 Dynaliens | 1 Dynaliens | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3. | ||||
| CVE-2007-4532 | 1 Michal Marcinkowski | 2 Soldat Dedicated Server, Soldat Game Server | 2026-04-23 | N/A |
| Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a denial of service (client lockout) via a series of UDP join packets from a spoofed IP address, which triggers temporary blacklisting of this IP address. | ||||
| CVE-2007-1391 | 1 Webo | 1 Webo | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter. | ||||
| CVE-2007-1392 | 1 Netforo | 1 Netforo | 2026-04-23 | N/A |
| Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter. | ||||
| CVE-2007-1393 | 1 Geo Soft | 1 Magic Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2007-4533 | 1 Vavoom | 1 Vavoom | 2026-04-23 | N/A |
| Format string vulnerability in the Say command in sv_main.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a chat message, related to a call to the BroadcastPrintf function. | ||||
| CVE-2007-1394 | 1 Flat Chat | 1 Flat Chat | 2026-04-23 | N/A |
| Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1395 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>. | ||||
| CVE-2007-4534 | 1 Vavoom | 1 Vavoom | 2026-04-23 | N/A |
| Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via (1) a long string in a chat message and possibly (2) a long name field. | ||||
| CVE-2007-1396 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor. | ||||
| CVE-2007-1398 | 2 Linux, Snort | 2 Linux Kernel, Snort | 2026-04-23 | N/A |
| The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet. | ||||
| CVE-2007-4535 | 1 Vavoom | 1 Vavoom | 2026-04-23 | N/A |
| The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error. | ||||
| CVE-2007-1400 | 1 Plesh | 1 Plesh | 2026-04-23 | N/A |
| Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl. | ||||
| CVE-2007-1424 | 1 Softnews Media Group | 1 Datalife Engine | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1425 | 1 Triexa | 1 Sonicmailer Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action. | ||||
| CVE-2007-1427 | 1 Assetman | 1 Assetman | 2026-04-23 | N/A |
| Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter. | ||||
| CVE-2007-1428 | 1 Php Labs | 1 Jobsitepro | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter. | ||||