Total
29908 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4251 | 1 Openoffice | 1 Openoffice | 2026-04-23 | N/A |
| OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. | ||||
| CVE-2007-4252 | 1 Chilkat Software | 1 Asp String | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633. | ||||
| CVE-2007-4253 | 1 Envolution | 1 Envolution | 2026-04-23 | N/A |
| SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263. | ||||
| CVE-2007-0961 | 1 Cisco | 2 Asa 5500, Pix Firewall Software | 2026-04-23 | N/A |
| Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets. | ||||
| CVE-2007-4124 | 1 Hitachi | 14 Cosminexus Application Server, Cosminexus Collaboration Portal, Cosminexus Developer and 11 more | 2026-04-23 | N/A |
| The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges. | ||||
| CVE-2007-0868 | 1 Yahoo | 1 Messenger | 2026-04-23 | N/A |
| Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6774 | 1 Ciberia | 1 Content Federator | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6642 | 1 Contra Haber Sistemi | 1 Contra Haber Sistemi | 2026-04-23 | N/A |
| SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5460 | 1 Hinton Design | 1 Phpht Topsites | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/ directory. NOTE: CVE disputes this vulnerability because $phpht_real_path is defined before use in index.php and most other files except common.php, which is already covered by CVE-2006-5458 | ||||
| CVE-2006-6342 | 1 Klf-design | 1 Klf-realty | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp. | ||||
| CVE-2007-5274 | 4 Mozilla, Opera, Redhat and 1 more | 6 Firefox, Opera Browser, Rhel Extras and 3 more | 2026-04-23 | N/A |
| Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. | ||||
| CVE-2007-6629 | 1 Feng | 1 Feng | 2026-04-23 | N/A |
| Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line. | ||||
| CVE-2006-5855 | 1 Ibm | 1 Tivoli Storage Manager | 2026-04-23 | N/A |
| Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message. | ||||
| CVE-2007-0948 | 1 Microsoft | 2 Virtual Pc, Virtual Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." | ||||
| CVE-2007-1393 | 1 Geo Soft | 1 Magic Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2007-1394 | 1 Flat Chat | 1 Flat Chat | 2026-04-23 | N/A |
| Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1397 | 1 Fish | 1 Fish | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | ||||
| CVE-2007-1402 | 1 Rediff | 1 Toolbar | 2026-04-23 | N/A |
| The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments. | ||||
| CVE-2007-1406 | 1 Edgewall Software | 1 Trac | 2026-04-23 | N/A |
| Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-1407 | 1 Open Solution | 1 Quick.cart | 2026-04-23 | N/A |
| Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit." | ||||