Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0488 1 Huawei 1 Versatile Routing Platform 2026-04-23 N/A
The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command.
CVE-2007-0480 1 Cisco 1 Ios Transmission Control Protocol 2026-04-23 N/A
Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.
CVE-2007-0472 1 Smb4k 1 Smb4k 2026-04-23 N/A
Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.
CVE-2007-0461 1 Dazuko 1 Dazuko 2026-04-23 N/A
Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors.
CVE-2007-0441 1 Hp 1 Openview Network Node Manager 2026-04-23 N/A
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2007-0429 1 Divx 1 Divx Player 2026-04-23 N/A
DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object.
CVE-2007-0422 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.
CVE-2007-0418 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.
CVE-2007-0403 1 Easebay Resources 1 Paypal Subscription Manager 2026-04-23 N/A
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
CVE-2007-0414 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.
CVE-2007-0390 1 Sabros.us 1 Sabros.us 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
CVE-2006-6413 1 Amateras 1 Amateras Sns 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0372 1 Francisco Burzi 1 Php-nuke 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.
CVE-2007-0367 1 Maxum Development Corporation 1 Rumpus Ftp Server 2026-04-23 N/A
Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.
CVE-2007-0359 1 Uberghey 1 Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
CVE-2007-0352 1 Microsoft 1 Html Help Workshop 2026-04-23 N/A
Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.
CVE-2007-0336 1 Rixstep 1 Undercover 2026-04-23 N/A
Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition.
CVE-2007-0332 1 Xentraz 1 Liens Dynamiques 2026-04-23 N/A
(1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request.
CVE-2007-0319 1 Motive Incorporated 2 Self Service Manager, Service Activation Manager 2026-04-23 N/A
Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-0312 1 Wcsimple Poll 1 Wcsimple Poll 2026-04-23 N/A
wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.