CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2007-4695 Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. | N/A | NONE | — | 0 |
| CVE-2007-4696 Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. | N/A | NONE | — | 0 |
| CVE-2007-4697 Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors... | N/A | NONE | — | 0 |
| CVE-2007-4699 The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user,... | N/A | NONE | — | 0 |
| CVE-2007-4700 Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unkno... | N/A | NONE | — | 0 |
| CVE-2007-4701 WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. | N/A | NONE | — | 0 |
| CVE-2006-7230 Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options c... | N/A | NONE | — | 0 |
| CVE-2007-4702 The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote... | N/A | NONE | — | 0 |
| CVE-2007-4703 The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, ... | N/A | NONE | — | 0 |
| CVE-2007-4704 The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intend... | N/A | NONE | — | 0 |
| CVE-2007-5501 The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via... | N/A | NONE | — | 0 |
| CVE-2007-5905 Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN ... | N/A | NONE | — | 0 |
| CVE-2007-4344 Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary cod... | N/A | NONE | — | 0 |
| CVE-2025-7881 A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulatio... | 2.7 | LOW | — | 0 |
| CVE-2007-5990 Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile, possibly the (1) name and (2) website p... | N/A | NONE | — | 0 |
| CVE-2007-5991 SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action. | N/A | NONE | — | 0 |
| CVE-2007-5992 SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s... | N/A | NONE | — | 0 |
| CVE-2007-5993 Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searc... | N/A | NONE | — | 0 |
| CVE-2007-5994 PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a ... | N/A | NONE | — | 0 |
| CVE-2006-5605 Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspec... | N/A | NONE | — | 0 |
| CVE-2007-5995 PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter. | N/A | NONE | — | 0 |
| CVE-2007-5996 SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449. | N/A | NONE | — | 0 |
| CVE-2007-5997 SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | N/A | NONE | — | 0 |
| CVE-2007-5998 SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter. | N/A | NONE | — | 0 |
| CVE-2007-5999 SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | N/A | NONE | — | 0 |
| CVE-2007-6000 KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. | N/A | NONE | — | 0 |
| CVE-2007-6001 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid pa... | N/A | NONE | — | 0 |
| CVE-2007-6002 Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field... | N/A | NONE | — | 0 |
| CVE-2007-6003 Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. ... | N/A | NONE | — | 0 |
| CVE-2007-6004 Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter... | N/A | NONE | — | 0 |
| CVE-2007-6005 Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argume... | N/A | NONE | — | 0 |
| CVE-2007-6006 TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. | N/A | NONE | — | 0 |
| CVE-2007-6007 Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute a... | N/A | NONE | — | 0 |
| CVE-2007-6008 Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type he... | N/A | NONE | — | 0 |
| CVE-2007-6009 Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. ... | N/A | NONE | — | 0 |
| CVE-2007-6010 Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this i... | N/A | NONE | — | 0 |
| CVE-2007-6011 Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the... | N/A | NONE | — | 0 |
| CVE-2007-4572 Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailsl... | N/A | NONE | — | 0 |
| CVE-2007-5398 Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbi... | N/A | NONE | — | 0 |
| CVE-2007-6012 SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). NOTE: some of these ... | N/A | NONE | — | 0 |
| CVE-2007-6013 Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then gene... | 9.8 | CRITICAL | — | 0 |
| CVE-2007-6025 Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data. | N/A | NONE | — | 0 |
| CVE-2007-6026 Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary cod... | N/A | NONE | — | 0 |
| CVE-2007-6027 PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL... | N/A | NONE | — | 0 |
| CVE-2007-6028 Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitrar... | N/A | NONE | — | 0 |
| CVE-2007-5500 The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via un... | N/A | NONE | — | 0 |
| CVE-2007-6029 Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnera... | N/A | NONE | — | 0 |
| CVE-2007-6030 Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales or... | N/A | NONE | — | 0 |
| CVE-2007-6031 Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerabilit... | N/A | NONE | — | 0 |
| CVE-2007-6032 SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.