Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0852 1 Techexcel Inc. 1 Devtrack 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0853 1 Techexcel Inc. 1 Devtrack 2026-04-23 N/A
SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0856 1 Trend Micro 8 Client-server-messaging Security, Damage Cleanup Services, Pc-cillin Internet Security and 5 more 2026-04-23 N/A
TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.
CVE-2007-0857 1 Moinmoin 1 Moinmoin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.
CVE-2007-0861 1 Phpcoin 1 Phpcoin 2026-04-23 N/A
PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached
CVE-2007-0763 1 F3site 1 F3site 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.
CVE-2007-0879 1 Smidgeonsoft 1 Pebrowse 2026-04-23 N/A
Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0864 1 Lushiwarplaner 1 Lushiwarplaner 2026-04-23 N/A
SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter.
CVE-2007-0754 1 Apple 1 Quicktime 2026-04-23 N/A
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.
CVE-2007-0750 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
CVE-2007-0756 1 Chicken Of The Vnc 1 Chicken Of The Vnc 2026-04-23 N/A
Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference.
CVE-2007-0748 1 Apple 2 Darwin Streaming Server, Mac Os X Server 2026-04-23 N/A
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.
CVE-2007-0749 1 Apple 2 Darwin Streaming Server, Mac Os X Server 2026-04-23 N/A
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.
CVE-2007-0757 1 Miguel Nunes 1 Call Of Duty 2 Dreamstats System 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.
CVE-2007-0877 1 March Networks 5 3108 Dvr, 3204 Dvr, 4210 Dvr and 2 more 2026-04-23 N/A
Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0880 1 Capital Request Forms 1 Capital Request Forms 2026-04-23 N/A
Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.
CVE-2007-0742 1 Apple 1 Mac Os X 2026-04-23 N/A
The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
CVE-2007-0741 1 Apple 1 Mac Os X 2026-04-23 N/A
Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.
CVE-2007-0743 1 Apple 1 Mac Os X 2026-04-23 N/A
URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.
CVE-2007-0738 1 Apple 1 Mac Os X 2026-04-23 N/A
The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls.