Search Results (121022 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0040 1 Microsoft 2 Windows 2000, Windows 2003 Server 2026-04-23 N/A
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
CVE-2007-0041 1 Microsoft 5 .net Framework, Windows 2000, Windows 2003 Server and 2 more 2026-04-23 N/A
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
CVE-2007-5007 1 Gnome 1 Balsa 2026-04-23 N/A
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
CVE-2007-5010 1 Wilson Windowware 1 Webbatch 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in WebBatch allows remote attackers to inject arbitrary web script or HTML via the URL to webbatch.exe.
CVE-2007-5011 1 Wilson Windowware 1 Webbatch 2026-04-23 N/A
webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter.
CVE-2007-0044 2 Adobe, Redhat 4 Acrobat, Acrobat 3d, Acrobat Reader and 1 more 2026-04-23 N/A
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
CVE-2007-5012 1 Phpwebgallery 1 Phpwebgallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0045 2 Adobe, Redhat 4 Acrobat, Acrobat 3d, Acrobat Reader and 1 more 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
CVE-2007-5013 1 Phormer 1 Phormer 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Phormer 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) u, (2) p, (3) c, and (4) s parameters, and other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0049 1 Geckovich 2 Tasktracker, Tasktracker Pro 2026-04-23 N/A
Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.
CVE-2007-5015 1 Streamline 1 Streamline 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Streamline PHP Media Server 1.0-beta4 allow remote attackers to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to (1) admin_footer.php, (2) info_footer.php, (3) theme_footer.php, (4) browse_footer.php, (5) account_footer.php, or (6) search_footer.php in core/theme/includes/. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess Limit support.
CVE-2007-0057 1 Cisco 1 Network Admission Control Manager And Server System Software 2026-04-23 N/A
Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.
CVE-2007-0058 1 Cisco 1 Network Admission Control Manager And Server System Software 2026-04-23 N/A
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
CVE-2007-0061 2 Canonical, Vmware 6 Ubuntu Linux, Ace, Esx and 3 more 2026-04-23 N/A
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
CVE-2007-0064 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows Media Format Runtime and 3 more 2026-04-23 N/A
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
CVE-2007-0072 1 Trend Micro 1 Serverprotect 2026-04-23 N/A
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.
CVE-2007-5029 1 Dibbler 1 Dibbler 2026-04-23 N/A
Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options.
CVE-2008-0537 1 Cisco 5 7600 Router, Catalyst 6500, Me 6524 Ethernet Switch and 2 more 2026-04-23 N/A
Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors.
CVE-2007-0074 1 Trend Micro 1 Serverprotect 2026-04-23 N/A
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC.
CVE-2007-0082 1 Imgallery 1 Imgallery 2026-04-23 N/A
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.