Export limit exceeded: 29932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29932 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1500 | 1 Gentoo | 1 Linux | 2026-04-23 | N/A |
| The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | ||||
| CVE-2007-0222 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293). | ||||
| CVE-2007-0223 | 1 Nicola Asuni | 1 All In One Control Panel | 2026-04-23 | N/A |
| SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter. | ||||
| CVE-2006-4169 | 1 Squirrelmail | 1 Gpg Plugin | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. | ||||
| CVE-2007-0225 | 1 Virtual Programming | 1 Vp-asp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2007-0228 | 1 Eiqnetworks | 1 Enterprise Security Analyzer | 2026-04-23 | N/A |
| The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference. | ||||
| CVE-2007-0231 | 1 Six Apart | 1 Movable Type | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field. | ||||
| CVE-2007-0233 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress. | ||||
| CVE-2007-0237 | 1 Lookup | 1 Lookup | 2026-04-23 | N/A |
| The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2007-0244 | 2 Debian, Poptop | 2 Debian Linux, Pptp Server | 2026-04-23 | N/A |
| pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued. | ||||
| CVE-2007-0246 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO. | ||||
| CVE-2007-0249 | 1 Nwom | 1 Nwom Topsites | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter. | ||||
| CVE-2007-0250 | 1 Nwom | 1 Nwom Topsites | 2026-04-23 | N/A |
| index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error. | ||||
| CVE-2007-0253 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2026-04-23 | N/A |
| Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven | ||||
| CVE-2007-0254 | 1 Xine | 1 Xine-ui | 2026-04-23 | N/A |
| Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2007-0255 | 1 Xine | 1 Xine | 2026-04-23 | N/A |
| XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. | ||||
| CVE-2007-0256 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | N/A |
| VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. | ||||
| CVE-2007-2188 | 1 Extremail | 1 Extremail | 2026-04-23 | N/A |
| eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. | ||||
| CVE-2007-0262 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix. | ||||
| CVE-2007-2247 | 1 Phpmyspace | 1 Phpmyspace | 2026-04-23 | N/A |
| SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | ||||