Explore CVEs related to Input Validation vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Input Validation CVEs published in 2007. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2007-6326 | Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI. | 5.0 | 7.25% | 2007-12-13 | 2026-06-16 |
| CVE-2007-6325 | PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726. | 6.8 | 10.57% | 2007-12-13 | 2026-06-16 |
| CVE-2007-6314 | BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL. | 5.0 | 7.21% | 2007-12-11 | 2026-06-16 |
| CVE-2007-6299 | Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | 7.5 | 1.71% | 2007-12-10 | 2026-06-16 |
| CVE-2007-6278 | Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. | 9.3 | 2.12% | 2007-12-07 | 2026-06-16 |
| CVE-2007-6271 | Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message. | 5.0 | 2.67% | 2007-12-07 | 2026-06-16 |
| CVE-2007-6263 | The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is | 9.3 | 2.48% | 2007-12-06 | 2026-06-16 |
| CVE-2007-6239 | The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. | 5.0 | 26.86% | 2007-12-04 | 2026-06-16 |
| CVE-2007-6235 | A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904. | 5.0 | 2.77% | 2007-12-04 | 2026-06-16 |
| CVE-2007-6224 | The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method. | 5.0 | 1.52% | 2007-12-04 | 2026-06-16 |
| CVE-2007-6218 | Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors | 5.0 | 4.13% | 2007-12-04 | 2026-06-16 |
| CVE-2007-6207 | Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. | 2.1 | 0.35% | 2007-12-03 | 2026-06-16 |
| CVE-2006-7225 | Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence. | 4.3 | 1.60% | 2007-12-03 | 2026-06-16 |
| CVE-2007-6179 | Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/. | 7.5 | 7.79% | 2007-11-29 | 2026-06-16 |
| CVE-2007-6178 | Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | 7.5 | 2.44% | 2007-11-29 | 2026-06-16 |
| CVE-2007-6176 | kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. | 10.0 | 4.58% | 2007-11-29 | 2026-06-16 |
| CVE-2007-6165 | Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. | 9.3 | 44.75% | 2007-11-28 | 2026-06-16 |
| CVE-2007-6146 | Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. | 5.0 | 2.18% | 2007-11-27 | 2026-06-16 |
| CVE-2007-6133 | PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter. | 5.8 | 2.88% | 2007-11-27 | 2026-06-16 |
| CVE-2007-6129 | Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | 5.8 | 3.22% | 2007-11-26 | 2026-06-16 |