Export limit exceeded: 363994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3836 1 Hydrairc 1 Hydrairc 2026-04-23 N/A
Format string vulnerability in HydraIRC 0.3.151 allows remote attackers to cause a denial of service via format string specifiers in certain data related to failed DCC file transfer negotiation.
CVE-2007-3838 1 Tbdev.net 1 Dr 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3839 1 Tbdev.net 1 Dr 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3842 1 8e6 1 R3000 Enterprise Filter 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise Filter before 2.0.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this may be the same as CVE-2007-2970.
CVE-2007-3843 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.
CVE-2007-3848 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).
CVE-2007-3853 1 Oracle 1 Database Server 2026-04-23 N/A
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS.
CVE-2006-4392 2 Apple, Next 2 Mac Os X, Openstep 2026-04-23 N/A
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
CVE-2007-3860 1 Oracle 1 Apex 2026-04-23 N/A
Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.
CVE-2007-3862 1 Oracle 1 Application Server 2026-04-23 N/A
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01.
CVE-2007-3863 1 Oracle 2 Application Server, Collaboration Suite 2026-04-23 N/A
Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02.
CVE-2007-3866 1 Oracle 1 E-business Suite 2026-04-23 N/A
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables.
CVE-2007-3867 1 Oracle 1 E-business Suite 2026-04-23 N/A
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment.
CVE-2007-3869 1 Oracle 1 Peoplesoft Enterprise 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Customer Relationship Management Online Marketing component in Oracle PeopleSoft Enterprise 8.9 Bundle 26 and 9.0 Bundle 7 allow remote authenticated users to have an unknown impact, aka (1) PSE04 and (2) PSE05.
CVE-2007-3870 1 Oracle 1 Peoplesoft Enterprise 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 Bundle 11 allow local users to have unknown impact via unknown vectors, aka (1) PSE06 and (2) PSE07.
CVE-2007-3875 2 Broadcom, Ca 23 Anti-spyware, Anti-virus For The Enterprise, Anti Virus Sdk and 20 more 2026-04-23 N/A
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
CVE-2007-3881 1 Pictures Rating 1 Pictures Rating 2026-04-23 N/A
SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
CVE-2007-3883 1 Datadynamics 1 Activebar 2026-04-23 N/A
The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.
CVE-2007-3926 1 Ipswitch 1 Imail Server 2026-04-23 N/A
Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."
CVE-2007-3888 1 Insanely Simple Blog 1 Insanely Simple Blog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. NOTE: some of these details are obtained from third party information.