Export limit exceeded: 11749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25438 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25438 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6263 | 1 Netkit-ftp | 1 Netkit Ftp | 2026-04-23 | N/A |
| The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769. | ||||
| CVE-2007-6249 | 1 Gentoo | 2 Linux, Portage | 2026-04-23 | N/A |
| etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. | ||||
| CVE-2007-6242 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2026-04-23 | N/A |
| Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." | ||||
| CVE-2007-6239 | 2 Redhat, Squid | 2 Enterprise Linux, Squid Web Proxy Cache | 2026-04-23 | N/A |
| The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. | ||||
| CVE-2007-6235 | 1 Realnetworks | 1 Realplayer | 2026-04-23 | N/A |
| A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904. | ||||
| CVE-2007-6224 | 2 Microsoft, Realnetworks | 3 Windows Vista, Windows Xp, Realplayer | 2026-04-23 | N/A |
| The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method. | ||||
| CVE-2007-6221 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2026-04-23 | N/A |
| TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6218 | 1 Ossigeno | 1 Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234. | ||||
| CVE-2007-6207 | 2 Redhat, Xensource Inc | 2 Enterprise Linux, Xen | 2026-04-23 | N/A |
| Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. | ||||
| CVE-2007-6206 | 6 Canonical, Debian, Linux and 3 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2026-04-23 | N/A |
| The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. | ||||
| CVE-2007-6193 | 1 Citrix | 1 Netscaler | 2026-04-23 | N/A |
| The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. | ||||
| CVE-2007-6190 | 1 Cisco | 1 Unified Ip Phone | 2026-04-23 | N/A |
| The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. | ||||
| CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2026-04-23 | N/A |
| The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | ||||
| CVE-2007-6179 | 1 Kinson Chan Charray | 1 Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/. | ||||
| CVE-2007-6178 | 1 Easy Hosting Control Panel | 1 Easy Hosting Control Panel | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | ||||
| CVE-2007-6176 | 1 Amensa-soft | 1 K\+b-bestellsystem | 2026-04-23 | N/A |
| kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. | ||||
| CVE-2007-6165 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. | ||||
| CVE-2007-6161 | 1 Tilde | 1 Tilde Cms | 2026-04-23 | N/A |
| index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path. | ||||
| CVE-2007-6150 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values. | ||||
| CVE-2007-6146 | 1 Hitachi | 1 Jp1 File Transmission Server | 2026-04-23 | N/A |
| Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. | ||||