Export limit exceeded: 346164 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346164 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3433 | 1 Netart Media | 1 Pharmacy System | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action. | ||||
| CVE-2007-3437 | 2 Aol, Microsoft | 2 Instant Messenger, Windows Xp | 2026-04-23 | N/A |
| AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350. | ||||
| CVE-2007-3440 | 1 Snom | 2 320 Sip Phone, Snom 320 Linux | 2026-04-23 | N/A |
| The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800. | ||||
| CVE-2007-3441 | 1 Aastra Telecom | 1 9112i Sip Phone | 2026-04-23 | N/A |
| Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349. | ||||
| CVE-2007-3450 | 1 Gorani Network | 1 6alblog | 2026-04-23 | N/A |
| SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3459 | 1 Civiltech | 1 Avax Vector Activex | 2026-04-23 | N/A |
| A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method. | ||||
| CVE-2007-3462 | 1 Sofaware | 1 Safe At Office 500 Utm | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network. | ||||
| CVE-2007-3468 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | N/A |
| input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. | ||||
| CVE-2007-3473 | 2 Libgd, Redhat | 2 Gd Graphics Library, Enterprise Linux | 2026-04-23 | N/A |
| The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. | ||||
| CVE-2007-3476 | 2 Gd Graphics Library, Redhat | 2 Gdlib, Enterprise Linux | 2026-04-23 | N/A |
| Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. | ||||
| CVE-2007-3492 | 1 Conti | 1 Ftpserver | 2026-04-23 | N/A |
| Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command. | ||||
| CVE-2007-3493 | 2 Microsoft, Nctsoft Products | 4 Internet Explorer, Windows Xp, Nctaudiostudio and 1 more | 2026-04-23 | N/A |
| A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. | ||||
| CVE-2007-3510 | 1 Ibm | 1 Lotus Domino | 2026-04-23 | N/A |
| Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name. | ||||
| CVE-2007-3517 | 1 Claroline | 1 Claroline | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts. | ||||
| CVE-2007-3524 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php. | ||||
| CVE-2007-3526 | 1 Vastal I-tech | 1 Buddy Zone | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. | ||||
| CVE-2007-3532 | 2 Gentoo, Nvidia | 2 Linux, Video Driver | 2026-04-23 | N/A |
| NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | ||||
| CVE-2007-5482 | 1 Sun | 2 Storagetek 3510, Storedge | 2026-04-23 | N/A |
| Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors. | ||||
| CVE-2007-3535 | 1 Frank Karau | 1 Gl-sh Deaf Forum | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php. | ||||
| CVE-2007-3543 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. | ||||