Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4406 1 Apple 1 Mac Os X 2026-04-23 N/A
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-0819 1 Hp 1 Network Node Manager 2026-04-23 N/A
HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service.
CVE-2007-0821 1 Cedric 1 Claire Portailphp 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0822 1 Linux 1 Linux Kernel 2026-04-23 N/A
umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.
CVE-2007-0826 1 Kisisel Site 2007 1 Kisisel Site Forum.asp 2026-04-23 N/A
SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2007-0827 1 Alibaba 1 Alipay Activex Control 2026-04-23 N/A
The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.
CVE-2007-0829 1 Alwil 1 Avast Antivirus 2026-04-23 N/A
avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.
CVE-2007-0832 1 Vmware 1 Workstation 2026-04-23 N/A
VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems.
CVE-2006-4410 1 Apple 1 Mac Os X 2026-04-23 N/A
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
CVE-2007-0837 1 Agermenu 1 Agermenu 2026-04-23 N/A
PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2007-0839 1 Valarsoft 1 Webmatic 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.
CVE-2007-0840 1 Hlstats 1 Hlstats 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.
CVE-2006-3868 1 Microsoft 1 Office 2026-04-23 N/A
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
CVE-2007-0845 1 Advanced Poll 1 Advanced Poll 2026-04-23 N/A
admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.
CVE-2007-0847 1 Open Tibia Server Cms 1 Open Tibia Server Cms 2026-04-23 N/A
SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.
CVE-2007-0848 1 Maian Recipe 1 Maian Recipe 2026-04-23 N/A
PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
CVE-2006-4518 1 Qbik 1 Wingate 2026-04-23 N/A
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
CVE-2007-0852 1 Techexcel Inc. 1 Devtrack 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0855 1 Rarlab 1 Unrar 2026-04-23 N/A
Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.
CVE-2007-0856 1 Trend Micro 8 Client-server-messaging Security, Damage Cleanup Services, Pc-cillin Internet Security and 5 more 2026-04-23 N/A
TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.