Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2787 1 Lead Technologies 1 Leadtools Raster Thumbnail Object Library 2026-04-23 N/A
Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument.
CVE-2007-2791 1 Hp 1 Tru64 2026-04-23 N/A
Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.
CVE-2007-2792 1 Com Yanc 1 Com Yanc 2026-04-23 N/A
SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2007-2796 1 Arris 1 Cadant C3 Cmts 2026-04-23 N/A
Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option.
CVE-2007-2797 3 Debian, Redhat, Xterm 3 Debian Linux, Enterprise Linux, Xterm 2026-04-23 N/A
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
CVE-2007-2805 1 Clientexec 1 Clientexec 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters.
CVE-2007-2806 1 Galix 1 Galix 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters.
CVE-2007-2808 2 Gnu, Yngve Svendsen 2 Gnats, Gnatsweb 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
CVE-2007-2810 1 Gazi Download Portal 1 Gazi Download Portal 2026-04-23 N/A
SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2814 1 Pegasus 1 Imagn Activex Control 2026-04-23 N/A
Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.
CVE-2007-2817 1 Ol Bookmarks 1 Ol Bookmarks 2026-04-23 N/A
SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2819 1 Track\+ 1 Track\+ 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter.
CVE-2007-2820 1 Ksign 1 Ksignswat 2026-04-23 N/A
Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions.
CVE-2007-2825 1 Atmail 1 Atmail Webmail 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.
CVE-2007-2828 1 Johntp 1 Adsense-deluxe 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors.
CVE-2007-2830 1 Madwifi 1 Madwifi 2026-04-23 N/A
The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.
CVE-2007-2832 1 Cisco 1 Call Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
CVE-2007-2837 2 Debian, Fireflier 2 Debian Linux, Fireflier 2026-04-23 N/A
The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.
CVE-2007-2838 2 Debian, Gsambad 2 Debian Linux, Gsambad 2026-04-23 N/A
The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file.
CVE-2007-2844 1 Php 1 Php 2026-04-23 N/A
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.