Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0059 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. | ||||
| CVE-2007-0060 | 2 Broadcom, Ca | 24 Advantage Data Transport, Brightstor Portal, Brightstor San Manager and 21 more | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. | ||||
| CVE-2007-0066 | 1 Microsoft | 6 Home Server, Small Business Server, Windows 2000 and 3 more | 2026-04-23 | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability." | ||||
| CVE-2007-0068 | 1 Ibm | 1 Lotus Domino | 2026-04-23 | N/A |
| IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database. | ||||
| CVE-2007-0069 | 1 Microsoft | 3 Windows 2003 Server, Windows Vista, Windows Xp | 2026-04-23 | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability." | ||||
| CVE-2007-0075 | 1 Aspbb | 1 Aspbb | 2026-04-23 | N/A |
| AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb. | ||||
| CVE-2007-0076 | 1 2enetworx | 1 Openforum | 2026-04-23 | N/A |
| Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb. | ||||
| CVE-2007-0077 | 1 Lblog | 1 Lblog | 2026-04-23 | N/A |
| lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/. | ||||
| CVE-2007-0078 | 1 Battleblog | 1 Battleblog | 2026-04-23 | N/A |
| BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. | ||||
| CVE-2007-0079 | 1 Rblog | 1 Rblog | 2026-04-23 | N/A |
| rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb. | ||||
| CVE-2007-0081 | 1 Sunbelt | 1 Sunbelt Kerio Personal Firewall | 2026-04-23 | N/A |
| Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory. | ||||
| CVE-2007-0082 | 1 Imgallery | 1 Imgallery | 2026-04-23 | N/A |
| users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. | ||||
| CVE-2007-0083 | 1 Nuked-klan | 1 Nuked-klan | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan. | ||||
| CVE-2007-0084 | 1 Microsoft | 1 Message Compiler | 2026-04-23 | N/A |
| Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed | ||||
| CVE-2007-0085 | 1 Openbsd | 1 Openbsd | 2026-04-23 | N/A |
| Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference. | ||||
| CVE-2007-0087 | 1 Microsoft | 1 Internet Information Server | 2026-04-23 | N/A |
| Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal | ||||
| CVE-2007-0088 | 1 Openmedia | 1 Openmedia | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php. | ||||
| CVE-2007-0089 | 1 Jgbbs | 1 Jgbbs | 2026-04-23 | N/A |
| jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb. | ||||
| CVE-2007-0090 | 1 Fermentigrafici | 1 Wineglass | 2026-04-23 | N/A |
| WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb. | ||||
| CVE-2007-0091 | 1 Katy Whitton Web Development | 1 Newscmslite | 2026-04-23 | N/A |
| newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. | ||||