Export limit exceeded: 350768 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350768 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1993 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2." | ||||
| CVE-2007-1994 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916. | ||||
| CVE-2007-2010 | 1 Bftpd | 1 Bftpd | 2026-04-23 | N/A |
| Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command. | ||||
| CVE-2007-2008 | 1 Pl-php | 1 Pl-php | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2006-6035 | 1 F-art Agency | 1 Blog Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. | ||||
| CVE-2007-1728 | 1 Sony | 2 Playstation 3, Playstation Portable | 2026-04-23 | N/A |
| The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets. | ||||
| CVE-2007-1726 | 1 Icebb | 1 Icebb | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/. | ||||
| CVE-2007-1725 | 1 Icebb | 1 Icebb | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. | ||||
| CVE-2007-1724 | 1 Reactos | 1 Reactos | 2026-04-23 | N/A |
| Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures. | ||||
| CVE-2007-1671 | 1 Avira | 1 Antivir Personal | 2026-04-23 | N/A |
| avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | ||||
| CVE-2006-5980 | 1 Renasoft | 1 Netjetserver | 2026-04-23 | N/A |
| adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2007-1542 | 1 Cisco | 2 7940 Router, 7960 Router | 2026-04-23 | N/A |
| Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1543 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2026-04-23 | N/A |
| Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection. | ||||
| CVE-2007-1544 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2026-04-23 | N/A |
| Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. | ||||
| CVE-2007-1545 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2026-04-23 | N/A |
| The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. | ||||
| CVE-2007-1546 | 2 Mandrakesoft, Radscan | 2 Mandrake Linux, Network Audio System | 2026-04-23 | N/A |
| Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. | ||||
| CVE-2007-1548 | 1 Webwizguide | 1 Web Wiz Forums | 2026-04-23 | N/A |
| SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp. | ||||
| CVE-2006-5984 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable. | ||||
| CVE-2007-1550 | 1 Phpx | 1 Phpx | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news.php; the (5) cat_id, (6) topic_id, or (7) post_id parameter to (d) forums.php; or (8) the user_id parameter to (e) users.php. | ||||
| CVE-2007-1552 | 1 Metaforum | 1 Metaforum | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension such as .php. | ||||