CVE List by Type: Input Validation (Filtered by Published Year)

Explore CVEs related to Input Validation vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing Input Validation CVEs published in 2007. View full CVE list

Showing 6180 of 241 results
«« First « Prev Page 4 / 13 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2007-5893 HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party information. 5.0 2.18% 2007-11-07 2026-06-16
CVE-2007-5832 Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information. 7.5 1.36% 2007-11-05 2026-06-16
CVE-2007-5830 Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation." 7.8 1.62% 2007-11-05 2026-06-16
CVE-2007-5824 webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function. 7.1 5.59% 2007-11-05 2026-06-16
CVE-2007-5810 Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature. 5.0 0.78% 2007-11-05 2026-06-16
CVE-2007-5738 The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html. 6.8 1.34% 2007-10-30 2026-06-16
CVE-2007-5737 Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request. 7.5 2.38% 2007-10-30 2026-06-16
CVE-2007-5736 Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS. 6.4 1.32% 2007-10-30 2026-06-16
CVE-2007-5734 Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/upload_file." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html. 6.4 1.36% 2007-10-30 2026-06-16
CVE-2007-5733 Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information. 7.5 2.38% 2007-10-30 2026-06-16
CVE-2007-5711 Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000. 5.0 1.75% 2007-10-30 2026-06-16
CVE-2007-4999 libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. 4.3 1.81% 2007-10-29 2026-06-16
CVE-2007-5691 ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer." 4.3 1.13% 2007-10-29 2026-06-16
CVE-2007-5340 Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. 4.3 3.43% 2007-10-21 2026-06-16
CVE-2007-5339 Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors. 4.3 3.43% 2007-10-21 2026-06-16
CVE-2007-5570 Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844. 7.8 3.22% 2007-10-18 2026-06-16
CVE-2007-5569 Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120. 7.1 1.68% 2007-10-18 2026-06-16
CVE-2007-5568 Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco Firewall Services Module (FWSM) 3.1(5) and earlier, allow remote attackers to cause a denial of service (device reload) via a crafted MGCP packet, aka CSCsi90468 (appliance) and CSCsi00694 (FWSM). 7.1 2.18% 2007-10-18 2026-06-16
CVE-2007-5563 Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors. 7.5 1.36% 2007-10-18 2026-06-16
CVE-2007-5557 Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. 7.8 1.47% 2007-10-18 2026-06-16
«« First « Prev Page 4 / 13 Next »
cvelogic Threat Intelligence