Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1869 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. | ||||
| CVE-2007-1870 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. | ||||
| CVE-2007-1895 | 1 Sky Gunning | 1 Myspeach | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630. | ||||
| CVE-2007-1896 | 1 Sky Gunning | 1 Myspeach | 2026-04-23 | N/A |
| Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie. | ||||
| CVE-2006-6779 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. | ||||
| CVE-2007-1942 | 1 Faststone | 1 Image Viewer | 2026-04-23 | N/A |
| Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp. | ||||
| CVE-2007-1950 | 1 Webblizzard | 1 Content Management System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter. | ||||
| CVE-2007-1954 | 1 Archivexpert | 1 Archivexpert | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file. | ||||
| CVE-2007-2484 | 1 Ruben Boelinger | 1 Wp-table | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | ||||
| CVE-2007-2485 | 1 Ruben Boelinger | 1 Myflash | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | ||||
| CVE-2007-2487 | 1 Atomix Productions | 1 Atomixmp3 | 2026-04-23 | N/A |
| Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287. | ||||
| CVE-2007-2488 | 1 Asterisk | 1 Asterisk | 2026-04-23 | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. | ||||
| CVE-2007-2495 | 1 Office Ocx | 1 Excel Viewer Ocx | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2496 | 1 Office Ocx | 1 Word Viewer Ocx | 2026-04-23 | N/A |
| The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value. | ||||
| CVE-2007-2498 | 1 Nullsoft | 1 Winamp | 2026-04-23 | N/A |
| libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2520 | 1 Frank Mancuso | 1 Mynews | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie. | ||||
| CVE-2007-2526 | 1 Smartcode | 1 Vnc Manager | 2026-04-23 | N/A |
| Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. | ||||
| CVE-2007-2536 | 1 Picozip | 1 Picozip | 2026-04-23 | N/A |
| PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | ||||
| CVE-2007-2539 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. | ||||
| CVE-2007-2540 | 1 Pmecms | 1 Pmecms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/. | ||||