Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7207 1 Ageet 1 Agephone 2026-04-23 N/A
Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors.
CVE-2007-2765 1 Ac Zoom 1 Blockhosts 2026-04-23 N/A
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301.
CVE-2007-2175 1 Apple 1 Safari 2026-04-23 N/A
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
CVE-2007-2534 1 Phphoo3 1 Phphoo3 2026-04-23 9.8 Critical
Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use
CVE-2007-2363 1 Irfanview 1 Irfanview 2026-04-23 N/A
Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.
CVE-2007-2850 1 Citrix 2 Access Essentials, Metaframe 2026-04-23 N/A
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.
CVE-2007-2897 1 Microsoft 1 Internet Information Server 2026-04-23 N/A
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
CVE-2007-6098 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-04-23 N/A
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection.
CVE-2007-3108 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2026-04-23 N/A
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
CVE-2007-2726 1 Bitscast 1 Bitscast 2026-04-23 N/A
BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns.
CVE-2007-2924 1 Realnetworks 1 Gamehouse 2026-04-23 N/A
Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2007-3348 1 D-link 2 Dph-540, Dph-541 2026-04-23 N/A
The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
CVE-2007-3151 1 Packeteer 1 Packetshaper 2026-04-23 N/A
rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters.
CVE-2007-3158 1 Tenyearsgone 1 Asp Folder Gallery 2026-04-23 N/A
download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter.
CVE-2007-3163 1 Frederico Caldeira Knabben 1 Fckeditor 2026-04-23 N/A
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.
CVE-2007-3167 1 Vivotek 1 Mjpegcontrol 2026-04-23 N/A
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
CVE-2007-0469 1 Rubyforge 1 Rubygems 2026-04-23 N/A
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
CVE-2007-3176 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-04-23 N/A
Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report.
CVE-2007-3361 1 Nortel 1 Pc Client Soft Phone Sip 2026-04-23 N/A
The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header.
CVE-2007-3182 1 Vincent Hor 1 Calendarix 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.