Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3657 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition. | ||||
| CVE-2007-3768 | 1 Netwin | 1 Surgeftp | 2026-04-23 | N/A |
| The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. | ||||
| CVE-2007-2136 | 1 Bmc | 1 Patrol Perform Agent | 2026-04-23 | N/A |
| Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed. | ||||
| CVE-2007-3776 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2026-04-23 | N/A |
| Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962. | ||||
| CVE-2007-3779 | 1 Squirrelmail | 1 Gpg Plugin | 2026-04-23 | N/A |
| PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. | ||||
| CVE-2007-3830 | 1 Ibm | 2 Proventia Network Ips Gx5008, Proventia Network Ips Gx5108 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter. | ||||
| CVE-2007-3831 | 1 Ibm | 2 Proventia Network Ips Gx5008, Proventia Network Ips Gx5108 | 2026-04-23 | N/A |
| PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2007-3839 | 1 Tbdev.net | 1 Dr | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3840 | 1 Sitetrafficstats | 1 Sitetrafficstats | 2026-04-23 | N/A |
| SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter. | ||||
| CVE-2007-4191 | 1 Panda | 1 Panda Antivirus | 2026-04-23 | N/A |
| Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657. | ||||
| CVE-2007-2147 | 1 Stephen Craton | 1 Chatness | 2026-04-23 | N/A |
| admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests. | ||||
| CVE-2007-4163 | 1 Index Script | 1 Index Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 before 20070726 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id, (2) start_id, (3) row[parent_id], and (4) row[cat_id] parameters to unspecified components, related to use of these parameters within include/utils.php. NOTE: the show_cat.php cat_id vector is already covered by CVE-2007-4069. | ||||
| CVE-2007-1815 | 1 Xoops | 1 Library Module | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2007-2045 | 1 Sun | 1 Sunos | 2026-04-23 | N/A |
| Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments. | ||||
| CVE-2007-4175 | 1 Openrat | 1 Openrat Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters. | ||||
| CVE-2007-1921 | 1 Nullsoft | 1 Winamp | 2026-04-23 | N/A |
| LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. | ||||
| CVE-2007-1969 | 1 Sam Crew | 1 Myblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2007-1947 | 1 Parakey Inc. | 1 Firebug | 2026-04-23 | N/A |
| Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878. | ||||
| CVE-2007-2001 | 1 Crea-book | 1 Crea-book | 2026-04-23 | N/A |
| Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3. | ||||
| CVE-2007-2003 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2026-04-23 | N/A |
| InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect. | ||||