Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0066 1 Microsoft 6 Home Server, Small Business Server, Windows 2000 and 3 more 2026-04-23 N/A
The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
CVE-2007-0069 1 Microsoft 3 Windows 2003 Server, Windows Vista, Windows Xp 2026-04-23 N/A
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
CVE-2007-0077 1 Lblog 1 Lblog 2026-04-23 N/A
lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/.
CVE-2007-0079 1 Rblog 1 Rblog 2026-04-23 N/A
rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb.
CVE-2007-0081 1 Sunbelt 1 Sunbelt Kerio Personal Firewall 2026-04-23 N/A
Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory.
CVE-2007-0083 1 Nuked-klan 1 Nuked-klan 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan.
CVE-2007-0085 1 Openbsd 1 Openbsd 2026-04-23 N/A
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.
CVE-2007-0087 1 Microsoft 1 Internet Information Server 2026-04-23 N/A
Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal
CVE-2007-0088 1 Openmedia 1 Openmedia 2026-04-23 N/A
Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php.
CVE-2007-0089 1 Jgbbs 1 Jgbbs 2026-04-23 N/A
jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.
CVE-2007-0090 1 Fermentigrafici 1 Wineglass 2026-04-23 N/A
WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.
CVE-2007-0091 1 Katy Whitton Web Development 1 Newscmslite 2026-04-23 N/A
newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.
CVE-2007-0093 1 Cms-center 1 Simple Web Cms 2026-04-23 N/A
SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0094 1 Sven Moderow 1 Sven Moderow Guestbook 2026-04-23 N/A
Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/.
CVE-2007-0095 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
CVE-2007-0096 1 Carbon Communities 1 Carbon Communities 2026-04-23 N/A
CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb.
CVE-2007-0097 1 Conexware 1 Powerarchiver 2006 2026-04-23 N/A
Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.
CVE-2007-0098 1 Verliadmin 1 Verliadmin 2026-04-23 N/A
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
CVE-2007-0101 1 Spine 1 Spine 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-0105 1 Cisco 1 Secure Access Control Server 2026-04-23 N/A
Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.