Export limit exceeded: 20044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363660 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363660 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0911 1 Php 1 Php 2026-04-23 N/A
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
CVE-2007-1402 1 Rediff 1 Toolbar 2026-04-23 N/A
The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.
CVE-2007-0913 1 Microsoft 1 Powerpoint 2026-04-23 N/A
Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
CVE-2007-0919 1 Nickolas Grigoriadis 1 Mini Web Server 2026-04-23 N/A
Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.
CVE-2007-0928 1 Virtual Calendar 1 Virtual Calendar 2026-04-23 N/A
Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.
CVE-2007-0931 2 Alcatel-lucent, Aruba 2 Omniaccess Wireless, Mobility Controller 2026-04-23 N/A
Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.
CVE-2007-0936 1 Microsoft 2 Office, Visio 2026-04-23 N/A
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
CVE-2007-1403 1 Macromedia 1 Shockwave 2026-04-23 N/A
Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.
CVE-2007-1404 1 Prosysinfo 1 Tftp Server Tftpdwin 2026-04-23 N/A
tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.
CVE-2007-1405 1 Edgewall Software 1 Trac 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2007-0942 1 Microsoft 6 Ie, Internet Explorer, Windows 2000 and 3 more 2026-04-23 N/A
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
CVE-2007-1406 1 Edgewall Software 1 Trac 2026-04-23 N/A
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
CVE-2007-0944 1 Microsoft 5 Ie, Internet Explorer, Windows 2000 and 2 more 2026-04-23 N/A
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
CVE-2007-0949 1 Itinysoft Studio 1 Total Video Player 2026-04-23 N/A
Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected.
CVE-2007-0960 1 Cisco 2 Asa 5500, Pix Firewall Software 2026-04-23 N/A
Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2007-1407 1 Open Solution 1 Quick.cart 2026-04-23 N/A
Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit."
CVE-2007-0963 1 Cisco 1 Firewall Services Module 2026-04-23 N/A
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006.
CVE-2007-0964 1 Cisco 1 Firewall Services Module 2026-04-23 N/A
Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.
CVE-2007-0965 1 Cisco 1 Firewall Services Module 2026-04-23 N/A
Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request.
CVE-2007-0966 1 Cisco 1 Firewall Services Module 2026-04-23 N/A
Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.