Export limit exceeded: 366811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0251 | 1 Snort | 1 Snort | 2026-04-23 | N/A |
| Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files. | ||||
| CVE-2007-0252 | 1 Easy-content Filemanager | 1 Easy-content Filemanager | 2026-04-23 | N/A |
| Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors. | ||||
| CVE-2007-0253 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2026-04-23 | N/A |
| Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven | ||||
| CVE-2007-0254 | 1 Xine | 1 Xine-ui | 2026-04-23 | N/A |
| Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2007-1517 | 1 Paul Knierim | 1 Wsn Guest | 2026-04-23 | N/A |
| SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0255 | 1 Xine | 1 Xine | 2026-04-23 | N/A |
| XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. | ||||
| CVE-2007-0256 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | N/A |
| VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. | ||||
| CVE-2007-0257 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2026-04-23 | 7.8 High |
| Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code | ||||
| CVE-2007-0258 | 2 Fastilo, Opensolution | 2 Fastilo, Quick.car | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0260 | 1 Naig | 1 Naig | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use | ||||
| CVE-2007-0261 | 1 Snews | 1 Snews | 2026-04-23 | N/A |
| snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. | ||||
| CVE-2007-0262 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix. | ||||
| CVE-2007-0263 | 1 Total Commander | 1 Total Commander | 2026-04-23 | N/A |
| Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0264 | 1 Winzip | 1 Winzip | 2026-04-23 | N/A |
| Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0265 | 1 Ezboxx | 1 Portal System Beta | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp. | ||||
| CVE-2007-0266 | 1 Ezboxx | 1 Ezboxx Portal System | 2026-04-23 | N/A |
| SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter. | ||||
| CVE-2007-0269 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02. | ||||
| CVE-2007-0276 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16). | ||||
| CVE-2007-0277 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11. | ||||
| CVE-2007-0278 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). | ||||