Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2969 | 1 Wanewsletter | 1 Wanewsletter | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter. | ||||
| CVE-2007-3022 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2026-04-23 | N/A |
| Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks. | ||||
| CVE-2007-3065 | 1 Particle Soft | 1 Particle Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862. | ||||
| CVE-2007-3101 | 1 Apache | 1 Myfaces Tomahawk | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client. | ||||
| CVE-2007-3145 | 1 Galeon | 1 Galeon Browser | 2026-04-23 | N/A |
| Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | ||||
| CVE-2007-3710 | 1 Php Comet-server | 1 Php Comet-server | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter. | ||||
| CVE-2007-3770 | 1 Os-cillation | 1 Xfce Terminal | 2026-04-23 | N/A |
| The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality. | ||||
| CVE-2007-3813 | 1 Mkportal | 1 Noboard Module | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter. | ||||
| CVE-2007-3848 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). | ||||
| CVE-2007-3923 | 1 Cisco | 3 Wide Area Application Engine, Wide Area Application Engine Nm-wae-502, Wide Area Application Services | 2026-04-23 | N/A |
| The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445. | ||||
| CVE-2007-3966 | 1 Iexpress | 1 Munch Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880. | ||||
| CVE-2007-4546 | 1 X-diesel | 1 Unreal Commander | 2026-04-23 | N/A |
| Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation. | ||||
| CVE-2007-5500 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0591 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2". | ||||
| CVE-2009-0072 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. | ||||
| CVE-2009-1522 | 2 Ibm, Microsoft | 3 Aix, Tivoli Storage Manager Client, Windows | 2026-04-23 | N/A |
| The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. | ||||
| CVE-2009-4080 | 1 Sun | 2 Opensolaris, Sunos | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. | ||||
| CVE-2008-4863 | 1 Blender | 1 Blender | 2026-04-23 | N/A |
| Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. | ||||
| CVE-2008-4830 | 1 Sap | 1 Sap Gui | 2026-04-23 | N/A |
| Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method. | ||||
| CVE-2006-6280 | 1 O2php.com | 1 Oxygen | 2026-04-23 | N/A |
| SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572. | ||||