Export limit exceeded: 364910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3608 1 Sap 1 Enjoysap 2026-04-23 N/A
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
CVE-2007-3609 1 Emeeting 1 Online Dating Software 2026-04-23 N/A
Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors.
CVE-2007-3610 1 Vastal I-tech 1 Phpvid 2026-04-23 N/A
SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-3611 1 Vrnews 1 Vrnews 2026-04-23 N/A
admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.
CVE-2007-3612 1 Visual Irc 1 Visual Irc 2026-04-23 N/A
Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command.
CVE-2007-3666 1 Symantec 1 Norton Ghost 2026-04-23 N/A
Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function.
CVE-2007-3621 1 Asteridex 1 Asteridex 2026-04-23 N/A
Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters.
CVE-2007-3622 1 Alt-n 1 Mdaemon 2026-04-23 N/A
Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.
CVE-2007-3641 1 Freebsd 1 Libarchive 2026-04-23 N/A
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
CVE-2007-3636 1 Squirrelmail 2 Gpg Plugin, Squirrelmail 2026-04-23 N/A
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
CVE-2007-3639 1 Wordpress 1 Wordpress 2026-04-23 N/A
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.
CVE-2007-3640 1 Adobe 1 Adobe Air 2026-04-23 N/A
Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE.
CVE-2007-3644 1 Freebsd 1 Libarchive 2026-04-23 N/A
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.
CVE-2007-3645 1 Freebsd 1 Libarchive 2026-04-23 N/A
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.
CVE-2007-3646 1 Flashgamescript 1 Flashgamescript 2026-04-23 N/A
SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action.
CVE-2007-3647 1 Zoneo-soft 1 Phptraffica 2026-04-23 N/A
The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information.
CVE-2007-3648 1 Valarsoft 1 Webmatic 2026-04-23 N/A
SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information.
CVE-2007-3649 1 Hp 1 Photo Digital Imaging Activex Control 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.
CVE-2007-3658 1 Microsoft 1 Register Server 2026-04-23 N/A
Unspecified vulnerability in Microsoft Register Server (REGSVR) allows attackers to cause a denial of service via a crafted DLL library.
CVE-2007-3659 1 Freewrl 1 Freewrl 2026-04-23 N/A
Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allows local users to execute arbitrary code via a crafted BROWSER environment variable. NOTE: it is not clear whether this issue crosses privilege boundaries.