2007 CVEs
6580 CVEs published in 2007. 29 critical, 29 high. Browse by vendor, severity, or with PoCs.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2007-4773 | Critical | 9.8 | 2020-01-15 | Systrace before 1.6.0 has insufficient escape policy enforcement. |
| CVE-2007-0158 | Critical | 9.8 | 2019-12-27 | thttpd 2007 has buffer underflow. |
| CVE-2007-6745 | Critical | 9.8 | 2019-11-07 | clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. |
| CVE-2007-0899 | Critical | 9.8 | 2019-11-06 | There is a possible heap overflow in libclamav/fsg.c before 0.100.0. |
| CVE-2007-6762 | Critical | 9.8 | 2019-07-27 | In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. |
| CVE-2007-5341 | Critical | 9.8 | 2017-08-18 | Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. |
| CVE-2007-5199 | Critical | 9.8 | 2017-08-18 | A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. |
| CVE-2007-6760 | Critical | 9.8 | 2017-04-07 | Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on conn… |
| CVE-2007-6759 | Critical | 9.8 | 2017-04-07 | Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on… |
| CVE-2007-3652 | Critical | 9.8 | 2008-07-09 | SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id pa… |
| CVE-2007-6013 | Critical | 9.8 | 2007-11-19 | Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the M… |
| CVE-2007-5775 | Critical | 9.8 | 2007-11-01 | Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the onl… |
| CVE-2007-5565 | Critical | 9.8 | 2007-10-18 | PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in th… |
| CVE-2007-5097 | Critical | 9.8 | 2007-09-26 | PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbit… |
| CVE-2007-3010 | Critical | 9.8 | 2007-09-18 | masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary comm… |
| CVE-2007-4559 | Critical | 9.8 | 2007-08-28 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to over… |
| CVE-2007-4290 | Critical | 9.8 | 2007-08-09 | Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root pa… |
| CVE-2007-4043 | Critical | 9.8 | 2007-07-27 | file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name paramete… |
| CVE-2007-4039 | Critical | 9.8 | 2007-07-27 | Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and ex… |
| CVE-2007-3798 | Critical | 9.8 | 2007-07-16 | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP p… |