Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0837 1 Agermenu 1 Agermenu 2026-04-23 N/A
PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2007-0773 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2026-04-23 N/A
The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.
CVE-2007-0788 1 Mediawiki 1 Mediawiki 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript."
CVE-2007-0774 2 Apache, Redhat 3 Tomcat Jk Web Server Connector, Rhel Application Server, Rhel Application Stack 2026-04-23 N/A
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
CVE-2007-0768 1 Yahoo 1 Messenger 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
CVE-2007-0829 1 Alwil 1 Avast Antivirus 2026-04-23 N/A
avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.
CVE-2007-0834 1 Darrens 5-dollar Script Archive 1 Flashchat 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0838 1 Freeproxy 1 Freeproxy 2026-04-23 N/A
FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself.
CVE-2007-0844 1 Pam Ssh 1 Pam Ssh 2026-04-23 N/A
The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.
CVE-2007-0847 1 Open Tibia Server Cms 1 Open Tibia Server Cms 2026-04-23 N/A
SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.
CVE-2007-0763 1 F3site 1 F3site 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.
CVE-2007-0762 1 Phpbb\+\+ 1 Phpbb\+\+ 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-1873 1 Mephisto 1 Mephisto 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.
CVE-2007-0761 1 Phpbb 1 Ezboard Converter 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.
CVE-2007-0759 1 Umberto Caldera 1 Easymoblog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php.
CVE-2007-0764 1 F3site 1 F3site 2026-04-23 N/A
Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.
CVE-2007-0766 1 Remotesoft 1 .net Explorer 2026-04-23 N/A
Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
CVE-2006-6607 1 Ibm 1 Tivoli Identity Manager 2026-04-23 N/A
The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.
CVE-2007-0756 1 Chicken Of The Vnc 1 Chicken Of The Vnc 2026-04-23 N/A
Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference.
CVE-2007-0757 1 Miguel Nunes 1 Call Of Duty 2 Dreamstats System 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.