Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3706 1 Codeigniter 1 Codeigniter 2026-04-23 N/A
The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.
CVE-2007-3707 1 Codeigniter 1 Codeigniter 2026-04-23 N/A
Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
CVE-2007-3723 1 Sun 1 Solaris 2026-04-23 N/A
The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
CVE-2007-4301 1 Webcart 1 Webcart 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3728 1 Silc 2 Silc Client, Silc Toolkit 2026-04-23 N/A
Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.
CVE-2007-3729 1 Hp 1 Openvms 2026-04-23 N/A
The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.
CVE-2007-3730 1 Hp 1 Openvms 2026-04-23 N/A
The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification.
CVE-2007-4302 1 Freshmeat 1 Generic Software Wrappers Toolkit 2026-04-23 N/A
Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing.
CVE-2007-3768 1 Netwin 1 Surgeftp 2026-04-23 N/A
The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.
CVE-2007-3775 1 Cisco 2 Unified Communications Manager, Unified Presence Server 2026-04-23 N/A
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
CVE-2007-4303 2 Cerb, Freebsd 2 Cerbng, Freebsd 2026-04-23 N/A
Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb.
CVE-2007-0656 1 Phpbb2-modificat 1 Phpbb2-modificat 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-3821 1 Citadel 1 Webcit 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.
CVE-2007-3828 1 Apple 1 Mac Os X 2026-04-23 N/A
Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.
CVE-2007-3834 1 Exlibris Group 1 Aleph 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835.
CVE-2007-3835 1 Exlibris Group 1 Metalib 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.
CVE-2007-3837 1 Hydrairc 1 Hydrairc 2026-04-23 N/A
Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC servers to cause a denial of service (application crash) via a long CTCP request message containing '%' (percent) characters.
CVE-2007-3926 1 Ipswitch 1 Imail Server 2026-04-23 N/A
Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."
CVE-2007-3889 1 Insanely Simple Blog 1 Insanely Simple Blog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors.
CVE-2007-3891 1 Microsoft 1 Windows Vista 2026-04-23 N/A
Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.