Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0930 1 Apache Stats 1 Apache Stats 2026-04-23 N/A
Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
CVE-2007-0933 2 D-link, Microsoft 2 Dwl-g650\+, Windows Xp 2026-04-23 N/A
Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.
CVE-2007-0934 1 Microsoft 1 Visio 2026-04-23 N/A
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
CVE-2007-0951 1 Fullaspsite 1 Asp Hosting Site 2026-04-23 N/A
SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-0938 1 Microsoft 1 Content Management Server 2026-04-23 N/A
Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
CVE-2007-0939 1 Microsoft 1 Content Management Server 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
CVE-2007-0945 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more 2026-04-23 N/A
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."
CVE-2007-0946 1 Microsoft 4 Internet Explorer, Windows 2003 Server, Windows Vista and 1 more 2026-04-23 N/A
Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
CVE-2007-0948 1 Microsoft 2 Virtual Pc, Virtual Server 2026-04-23 N/A
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
CVE-2007-0950 1 Fullaspsite 1 Asp Hosting Site 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2007-1492 1 Microsoft 1 Windows Xp 2026-04-23 N/A
winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.
CVE-2007-1493 1 Nukescripts 1 Nukesentinel 2026-04-23 N/A
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
CVE-2007-1494 1 Nukescripts 1 Nukesentinel 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".
CVE-2007-1495 1 Symantec 1 Norton Personal Firewall 2026-04-23 N/A
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.
CVE-2007-1496 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference.
CVE-2007-1497 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.
CVE-2007-1502 1 Rhapsody Irc 1 Rhapsody Irc 2026-04-23 N/A
Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via a (1) long command, (2) long server argument to the (a) connect or (b) server commands, (3) long nick argument to the (c) nick command, or a long (4) nick or (5) message argument to the (d) ctcp, (e) chat, (f) notice, (g) message (msg), or (h) query commands.
CVE-2007-1503 1 Rhapsody Irc 1 Rhapsody Irc 2026-04-23 N/A
Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4) mode, and (5) topic commands.
CVE-2007-1504 1 Fujitsu 2 Interstage Application Server, Interstage Apworks 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes.
CVE-2007-1505 1 Fujitsu 2 Fence, Systemwalker Desktop Encryption 2026-04-23 N/A
Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types.