Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1452 1 Php 1 Php 2026-04-23 N/A
The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
CVE-2007-1453 1 Php 1 Php 2026-04-23 N/A
Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.
CVE-2007-1454 1 Php 1 Php 2026-04-23 N/A
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.
CVE-2007-1455 1 Cpanel-host 1 Fantastico De Luxe 2026-04-23 N/A
Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
CVE-2007-1456 1 Phpalbum.net 1 Phpalbum 2026-04-23 N/A
PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability, because versions 0.3.2.6 and 0.4.1beta do not contain this file. However, it is possible that the original researcher was referring to a different product
CVE-2007-1457 1 Christian Scheurer 2 Unrarlib, Urarfilelib 2026-04-23 N/A
Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) filename, (2) rarfile, or (3) libpassword argument.
CVE-2007-1458 1 Care2x 1 Care2x 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files.
CVE-2007-1459 1 Webcreator 1 Webcreator 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.
CVE-2007-1462 2 Conga, Redhat 3 Conga, Linux, Rhel Cluster 2026-04-23 N/A
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
CVE-2007-1463 2 Inkscape, Ubuntu 2 Inkscape, Ubuntu Linux 2026-04-23 N/A
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
CVE-2007-1464 1 Inkscape 1 Inkscape 2026-04-23 N/A
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-1465 1 Dproxy 1 Dproxy 2026-04-23 N/A
Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53.
CVE-2007-1467 1 Cisco 18 Acs Solution Engine, Call Manager, Ciscoworks and 15 more 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
CVE-2007-1730 1 Linux 1 Linux Kernel 2026-04-23 N/A
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
CVE-2007-1731 1 Hpaftpd 1 Hpaftpd 2026-04-23 N/A
Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP command.
CVE-2007-1733 1 Intervations 1 Navicopa Web Server 2026-04-23 N/A
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.
CVE-2007-1734 1 Linux 1 Linux Kernel 2026-04-23 N/A
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.
CVE-2007-1736 1 Mozilla 1 Firefox 2026-04-23 N/A
Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
CVE-2007-1737 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
CVE-2007-1738 1 Truecrypt Foundation 1 Truecrypt 2026-04-23 N/A
TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.