Total
29935 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3021 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2026-04-23 | N/A |
| Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export. | ||||
| CVE-2007-3024 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. | ||||
| CVE-2007-3025 | 2 Clam Anti-virus, Sun | 2 Clamav, Solaris | 2026-04-23 | N/A |
| Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. | ||||
| CVE-2007-3027 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2026-04-23 | N/A |
| Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." | ||||
| CVE-2007-6198 | 1 Bea | 1 Aqualogic Interaction | 2026-04-23 | N/A |
| portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter. | ||||
| CVE-2007-3038 | 1 Microsoft | 1 Windows Vista | 2026-04-23 | N/A |
| The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability." | ||||
| CVE-2007-3044 | 2 Hitachi, Hp | 3 Hi Ux We2, Xp W, Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port. | ||||
| CVE-2007-3045 | 2 Hitachi, Hp | 3 Hi Ux We2, Tp1 Net Osi-tp-extended, Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port. | ||||
| CVE-2007-3047 | 1 Vonage | 1 Voip Telephone Adapter | 2026-04-23 | N/A |
| The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access. | ||||
| CVE-2007-3051 | 1 Revokesoft | 1 Revokebb | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie. | ||||
| CVE-2007-3058 | 1 Madirish Webmail | 1 Madirish Webmail | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3060 | 1 Osi Codes Inc. | 1 Phplive | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769. | ||||
| CVE-2007-2500 | 1 Gnu | 1 Flash Player | 2026-04-23 | N/A |
| server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. | ||||
| CVE-2007-2501 | 1 Fernando M.a.d.s. | 1 Codepress | 2026-04-23 | N/A |
| Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call. | ||||
| CVE-2007-2471 | 1 Sendcard | 1 Sendcard | 2026-04-23 | N/A |
| Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter. | ||||
| CVE-2007-2474 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070. | ||||
| CVE-2007-2476 | 1 Novell | 1 Securelogin | 2026-04-23 | N/A |
| Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes. | ||||
| CVE-2007-2480 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. | ||||
| CVE-2006-6040 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action. | ||||
| CVE-2007-2481 | 1 Ruben Boelinger | 1 Wordtube | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | ||||