Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5500 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2006-6547 1 Mlipod 1 Winamp Ipod Plugin 2026-04-23 N/A
Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long tag in an audible.com audiobook (aa) file.
CVE-2007-3187 1 Apple 1 Safari 2026-04-23 N/A
Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-3182 1 Vincent Hor 1 Calendarix 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.
CVE-2006-6566 1 Mxbb 1 Mxbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2007-3173 1 Almnzm 1 Almnzm 2026-04-23 N/A
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters.
CVE-2007-3171 1 Uebimiau 1 Uebimiau 2026-04-23 N/A
Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.
CVE-2006-6617 1 Microsoft 1 Project Server 2026-04-23 N/A
projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
CVE-2007-5584 1 Cisco 3 7600 Router, Catalyst 6500, Firewall Services Module 2026-04-23 N/A
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections."
CVE-2007-3167 1 Vivotek 1 Mjpegcontrol 2026-04-23 N/A
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
CVE-2006-6635 1 Jumbacms 1 Jumbacms 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter.
CVE-2007-5591 1 Nortel 6 Communications Server, Meridian Option 11c, Meridian Option 51c and 3 more 2026-04-23 N/A
The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports.
CVE-2007-3165 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.
CVE-2007-3164 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.
CVE-2007-5639 1 Nortel 15 Ip Audio Conference Phone 2033, Ip Phone 1110, Ip Phone 1120e and 12 more 2026-04-23 N/A
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server.
CVE-2007-3163 1 Frederico Caldeira Knabben 1 Fckeditor 2026-04-23 N/A
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.
CVE-2006-6839 1 Phpbb Group 1 Phpbb 2026-04-23 N/A
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
CVE-2006-6844 1 Cmsmadesimple 1 Cms Made Simple 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.
CVE-2006-6906 1 Apple 1 Mac Os X 2026-04-23 N/A
Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.
CVE-2007-3159 1 Miniweb Http Server 1 Miniweb Http Server 2026-04-23 N/A
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.