Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2104 | 1 Ixon Cms | 1 Ixon Cms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php. | ||||
| CVE-2007-2026 | 2 Amavis, Gentoo | 2 Virus Scanner, File | 2026-04-23 | N/A |
| The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. | ||||
| CVE-2007-2030 | 1 Redhat | 2 Enterprise Linux, Fedora Core | 2026-04-23 | N/A |
| lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. | ||||
| CVE-2007-2031 | 1 3proxy | 1 3proxy | 2026-04-23 | N/A |
| Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests. | ||||
| CVE-2007-2035 | 1 Cisco | 1 Wireless Control System | 2026-04-23 | N/A |
| Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301. | ||||
| CVE-2007-2036 | 1 Cisco | 1 Wireless Lan Controller Software | 2026-04-23 | N/A |
| The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. | ||||
| CVE-2007-2136 | 1 Bmc | 1 Patrol Perform Agent | 2026-04-23 | N/A |
| Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed. | ||||
| CVE-2007-2038 | 1 Cisco | 4 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 4100 Wireless Lan Controller and 1 more | 2026-04-23 | N/A |
| The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361. | ||||
| CVE-2007-2179 | 1 Raiden Professional Servers | 1 Raidenftpd | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference. | ||||
| CVE-2007-2186 | 2 Foxit, Microsoft | 9 Pdf Reader, Windows 2000, Windows 2003 Server and 6 more | 2026-04-23 | N/A |
| Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | ||||
| CVE-2007-2191 | 7 Bsd, Freepbx, Hp and 4 more | 8 Bsd, Freepbx, Hp-ux and 5 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. | ||||
| CVE-2007-2192 | 1 Antonio Da Cruz | 1 Photofiltre Studio | 2026-04-23 | N/A |
| Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file. | ||||
| CVE-2007-2258 | 1 Phpmybibli | 1 Phpmybibli | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | ||||
| CVE-2007-2259 | 1 Esforum | 1 Esforum | 2026-04-23 | N/A |
| SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter. | ||||
| CVE-2007-2367 | 1 Wserve Http Server | 1 Wserve Http Server | 2026-04-23 | N/A |
| Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI. | ||||
| CVE-2007-2375 | 1 Symantec | 1 Enterprise Security Manager | 2026-04-23 | N/A |
| The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol. | ||||
| CVE-2007-2378 | 1 Google | 1 Web Toolkit | 2026-04-23 | N/A |
| The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | ||||
| CVE-2007-2381 | 1 Mochikit | 1 Mochikit Framework | 2026-04-23 | N/A |
| The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | ||||
| CVE-2007-2382 | 1 Mad4milk | 1 Moo.fx | 2026-04-23 | N/A |
| The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | ||||
| CVE-2007-2386 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | ||||