Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3124 1 Freevms 1 Freevms 2026-04-23 N/A
Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in FreeVMS before 0.3.6 might allow local users to gain privileges via a long string in response to an "extract [ny]" prompt.
CVE-2007-3123 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
CVE-2007-3117 1 Adplan 1 Seo 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers.
CVE-2007-3116 1 Maradns 1 Maradns 2026-04-23 N/A
Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3114 and CVE-2007-3115.
CVE-2007-3115 1 Maradns 1 Maradns 2026-04-23 N/A
Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via (1) reverse lookups or (2) requests for records in a class other than Internet (IN), a different set of affected versions than CVE-2007-3114 and CVE-2007-3116.
CVE-2007-3099 1 Redhat 1 Enterprise Linux 2026-04-23 N/A
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
CVE-2006-6021 1 Bestwebapp 1 Bestwebapp Dating Site 2026-04-23 N/A
SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
CVE-2007-3063 1 Mealex 1 My Databook 2026-04-23 N/A
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter.
CVE-2007-3062 1 Hp 1 System Management Homepage 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3059 1 Sendcard 1 Sendcard 2026-04-23 N/A
SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message.
CVE-2007-3058 1 Madirish Webmail 1 Madirish Webmail 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3053 1 Calimero.cms 1 Calimero.cms 2026-04-23 N/A
Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-3052 1 Postnuke Software Foundation 1 Pnphpbb 2026-04-23 N/A
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVE-2007-3051 1 Revokesoft 1 Revokebb 2026-04-23 N/A
SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.
CVE-2007-3003 1 Mywebland 1 Mybloggie 2026-04-23 N/A
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.
CVE-2007-2941 1 Michael Brandon 1 Vbgsitemap 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.
CVE-2007-2942 1 My Little Homepage 1 My Little Forum 2026-04-23 N/A
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2921 1 Corel 1 Activecgm Browser 2026-04-23 N/A
Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-2934 1 Windy Road 1 Vistered Little 2026-04-23 N/A
Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.
CVE-2007-2920 1 Zoomify 1 Zoomify Viewer Activex Control 2026-04-23 N/A
Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors.