Export limit exceeded: 346208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346208 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4884 | 1 Media Player Classic | 1 Media Player Classic | 2026-04-23 | N/A |
| Media Player Classic (MPC) allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. | ||||
| CVE-2007-4767 | 1 Pcre | 1 Pcre | 2026-04-23 | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. | ||||
| CVE-2007-2199 | 4 Cjg Explorer Pro, Joomla, Nx and 1 more | 4 Cjg Explorer Pro, Joomla, N X Wcms and 1 more | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. | ||||
| CVE-2007-4885 | 1 Avnex | 1 Av Mp3 Player | 2026-04-23 | N/A |
| Avnex AV MP3 Player allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. | ||||
| CVE-2007-2218 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-23 | N/A |
| Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. | ||||
| CVE-2007-4768 | 2 Pcre, Redhat | 2 Pcre, Rhel Extras | 2026-04-23 | N/A |
| Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | ||||
| CVE-2007-4887 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. | ||||
| CVE-2007-2222 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2026-04-23 | N/A |
| Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. | ||||
| CVE-2007-2223 | 1 Microsoft | 11 Expression Web, Office, Office Compatibility Pack and 8 more | 2026-04-23 | N/A |
| Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. | ||||
| CVE-2007-4888 | 1 Xwiki | 1 Xwiki | 2026-04-23 | N/A |
| The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable. | ||||
| CVE-2007-2225 | 1 Microsoft | 5 Outlook Express, Windows 2003 Server, Windows Mail and 2 more | 2026-04-23 | N/A |
| A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." | ||||
| CVE-2007-4889 | 1 Php | 2 Mysql Extension, Php | 2026-04-23 | N/A |
| The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. | ||||
| CVE-2007-4769 | 3 Postgresql, Redhat, Tcl Tk | 4 Postgresql, Enterprise Linux, Rhel Application Stack and 1 more | 2026-04-23 | N/A |
| The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. | ||||
| CVE-2007-4890 | 1 Microsoft | 1 Visual Studio | 2026-04-23 | N/A |
| Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method. | ||||
| CVE-2007-4892 | 1 Swsoft | 1 Plesk | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3. | ||||
| CVE-2007-4770 | 2 Icu-project, Redhat | 2 International Components For Unicode, Enterprise Linux | 2026-04-23 | N/A |
| libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. | ||||
| CVE-2007-4894 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters." | ||||
| CVE-2007-4771 | 2 Icu-project, Redhat | 2 International Components For Unicode, Enterprise Linux | 2026-04-23 | N/A |
| Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4895 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2026-04-23 | N/A |
| Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter. | ||||
| CVE-2007-2228 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2026-04-23 | N/A |
| rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak. | ||||