Explore CVEs related to Input Validation vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Input Validation CVEs published in 2007. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2007-6596 | ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. | 5.0 | 0.31% | 2007-12-31 | 2026-04-23 |
| CVE-2007-6573 | QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551. | 7.8 | 0.67% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6558 | TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288. | 4.3 | 12.57% | 2007-12-28 | 2026-04-23 |
| CVE-2007-6534 | Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | 6.8 | 20.83% | 2007-12-27 | 2026-04-23 |
| CVE-2007-6527 | uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type. | 5.8 | 0.31% | 2007-12-27 | 2026-04-23 |
| CVE-2007-6509 | Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. | 7.8 | 75.53% | 2007-12-21 | 2026-04-23 |
| CVE-2007-4567 | The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. | 7.8 | 7.22% | 2007-12-21 | 2026-04-23 |
| CVE-2007-6494 | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | 10.0 | 2.30% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6493 | The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method. | 10.0 | 8.08% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6492 | The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method. | 7.1 | 0.64% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6488 | Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | 6.8 | 5.81% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6242 | Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." | 6.8 | 45.77% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6449 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6121. Reason: This candidate is a duplicate of CVE-2007-6121. Notes: All CVE users should reference CVE-2007-6121 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.69% | 2007-12-19 | 2023-11-07 |
| CVE-2007-6448 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6120. Reason: This candidate is a duplicate of CVE-2007-6120. Notes: All CVE users should reference CVE-2007-6120 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.17% | 2007-12-19 | 2023-11-07 |
| CVE-2007-6445 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6117. Reason: This candidate is a duplicate of CVE-2007-6117. Notes: All CVE users should reference CVE-2007-6117 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.69% | 2007-12-19 | 2023-11-07 |
| CVE-2007-6444 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113, Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | N/A | 0.69% | 2007-12-19 | 2023-11-07 |
| CVE-2007-6437 | Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference. | 5.0 | 5.79% | 2007-12-19 | 2026-04-23 |
| CVE-2007-6433 | The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. | 7.5 | 2.43% | 2007-12-18 | 2026-04-23 |
| CVE-2007-6372 | Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. | 7.8 | 2.91% | 2007-12-15 | 2026-04-23 |
| CVE-2007-6371 | Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session. | 7.1 | 0.59% | 2007-12-15 | 2026-04-23 |