Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2009 3 Canonical, Redhat, Xiph.org 3 Ubuntu Linux, Enterprise Linux, Libvorbis 2026-04-23 N/A
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
CVE-2007-4080 1 Alstrasoft 1 E-friends 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
CVE-2007-4082 1 Alstrasoft 1 Article Manager Pro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
CVE-2007-4085 1 Alstrasoft 1 Askme Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
CVE-2007-4089 1 Vikingboard 1 Vikingboard 2026-04-23 N/A
Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to (1) forum.php, (2) cp.php, and possibly other unspecified components.
CVE-2007-4099 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks.
CVE-2007-4104 1 Wp-feedstats 1 Wordpress Plugin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string.
CVE-2007-4105 1 Baidu 1 Soba Search Bar 2026-04-23 N/A
A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion.
CVE-2007-4106 1 Codewidgets 2 Pay Roll - Time Sheet, Punch Card 2026-04-23 N/A
SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4107 1 Phpmyforum 1 Phpmyforum 2026-04-23 N/A
SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-4110 1 Codewidgets 1 Threaded Discussion Forum Application 2026-04-23 N/A
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4113 1 Advanced Webhost Billing System 1 Advanced Webhost Billing System 2026-04-23 N/A
Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors.
CVE-2007-4114 1 Suskunduygular 1 Suskunduygular Uyelik Sistemi 2026-04-23 N/A
Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-4121 1 E-commerce Solutions 3 Auction Script, Multi-vendor E-shop Script, Shopping Cart Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (password) parameters. NOTE: some of these details are obtained from third party information.
CVE-2007-4123 1 Hitachi 1 Groupmax Groupware Server 2026-04-23 N/A
The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax Groupware Server 07-00-/F through 07-32-/A before 20070731 does not properly manage schedule server configuration data, which might allow attackers to obtain sensitive information via unspecified vectors.
CVE-2007-4133 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.
CVE-2007-4140 1 Lfs 1 Live For Speed S2 2026-04-23 N/A
Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name.
CVE-2007-4142 1 Ibm 1 Lotus Sametime 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting.
CVE-2007-4145 1 Bluesky 1 Blueskychat 2026-04-23 N/A
Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method.
CVE-2007-4148 1 Visionsoft 1 Audit 2026-04-23 N/A
Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a "LOG." command.