Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1462 2 Conga, Redhat 3 Conga, Linux, Rhel Cluster 2026-04-23 N/A
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
CVE-2007-1463 2 Inkscape, Ubuntu 2 Inkscape, Ubuntu Linux 2026-04-23 N/A
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
CVE-2007-1467 1 Cisco 18 Acs Solution Engine, Call Manager, Ciscoworks and 15 more 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
CVE-2006-5594 1 University Of British Columbia 1 Ipeer 2026-04-23 N/A
PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP.
CVE-2007-1487 3 Cyber Inside, Cyberteddy, Sascha Schroeder 3 Weblog, Weblog, Weblog 2026-04-23 N/A
Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action.
CVE-2007-1493 1 Nukescripts 1 Nukesentinel 2026-04-23 N/A
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
CVE-2007-1495 1 Symantec 1 Norton Personal Firewall 2026-04-23 N/A
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.
CVE-2007-1591 1 Trend Micro 1 Trend Micro Antivirus 2026-04-23 N/A
VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error.
CVE-2006-5602 1 Xsupplicant 1 Xsupplicant 2026-04-23 N/A
Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2007-1598 1 Intervations 1 Filecopa 2026-04-23 N/A
Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2006-7000 1 Headstart Solutions 1 Deskpro 2026-04-23 N/A
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.
CVE-2007-1599 1 Wordpress 1 Wordpress 2026-04-23 N/A
wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.
CVE-2007-1601 1 Weekly Drawing Contest 1 Weekly Drawing Contest 2026-04-23 N/A
Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows opening files
CVE-2007-1614 1 Zziplib 1 Zziplib 2026-04-23 N/A
Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename.
CVE-2006-5607 1 Inca 1 Im-204 Adsl Router 2026-04-23 N/A
Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via a "/./." (modified dot dot) sequences in the getpage parameter.
CVE-2007-2480 1 Linux 1 Linux Kernel 2026-04-23 N/A
The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications.
CVE-2007-2588 1 Office Ocx 1 Office Viewer Ocx 2026-04-23 N/A
Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function.
CVE-2007-3384 1 Apache 1 Tomcat 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
CVE-2007-1616 1 Scriptmagix 1 Scriptmagix Lyrics 2026-04-23 N/A
SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter.
CVE-2007-2512 1 Alcatel-lucent 1 Omnipcx 2026-04-23 N/A
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.