Total
29888 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1398 | 2 Linux, Snort | 2 Linux Kernel, Snort | 2025-04-09 | N/A |
| The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet. | ||||
| CVE-2007-1620 | 1 Php Db Designer | 1 Php Db Designer | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php. | ||||
| CVE-2007-2193 | 1 Acd Systems | 2 Acdsee, Photo Editor | 2025-04-09 | N/A |
| Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2725 | 1 Db Soft Lab | 1 Dewizardx | 2025-04-09 | N/A |
| The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function. | ||||
| CVE-2007-1402 | 1 Rediff | 1 Toolbar | 2025-04-09 | N/A |
| The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments. | ||||
| CVE-2007-2194 | 1 Gentoo | 1 Xnview | 2025-04-09 | N/A |
| Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1437 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2025-04-09 | N/A |
| Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution. | ||||
| CVE-2007-1611 | 1 Sourcenext | 1 Ikanari Jijyou | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed. | ||||
| CVE-2007-1795 | 1 Jccorp | 1 Urlshrink | 2025-04-09 | N/A |
| JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2228 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2025-04-09 | N/A |
| rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak. | ||||
| CVE-2007-1679 | 1 Horde | 1 Groupware | 2025-04-09 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages | ||||
| CVE-2007-1702 | 1 Mambo | 1 Flatmenu | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2007-1608 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. | ||||
| CVE-2007-1586 | 1 Zyxel | 1 Zynos | 2025-04-09 | N/A |
| ZynOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol. | ||||
| CVE-2007-2530 | 1 Tropicalm | 1 Tropicalm Crowell Resource | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php. | ||||
| CVE-2007-4546 | 1 X-diesel | 1 Unreal Commander | 2025-04-09 | N/A |
| Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation. | ||||
| CVE-2007-2786 | 1 Ircd-ratbox | 1 Ircd-ratbox | 2025-04-09 | N/A |
| Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client. | ||||
| CVE-2006-6015 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression. | ||||
| CVE-2007-2835 | 2 Debian, Unicon-imc2 | 2 Debian Linux, Unicon-imc2 | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable. | ||||
| CVE-2007-0316 | 1 All In One Control Panel | 1 All In One Control Panel | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223. | ||||