Export limit exceeded: 346386 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346386 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346386 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4567 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2026-04-23 | N/A |
| The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. | ||||
| CVE-2007-4570 | 1 Redhat | 2 Enterprise Linux, Mcstrans | 2026-04-23 | N/A |
| Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. | ||||
| CVE-2007-4571 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. | ||||
| CVE-2006-5246 | 1 Eazy Cart | 1 Eazy Cart | 2026-04-23 | N/A |
| Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information. | ||||
| CVE-2007-1155 | 1 Webspell | 1 Webspell | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED. | ||||
| CVE-2007-2446 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). | ||||
| CVE-2007-3646 | 1 Flashgamescript | 1 Flashgamescript | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action. | ||||
| CVE-2006-5247 | 1 Eazy Cart | 1 Eazy Cart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information. | ||||
| CVE-2007-1156 | 1 Man Machine Systems | 1 Jbrowser | 2026-04-23 | N/A |
| JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/. | ||||
| CVE-2007-2447 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-23 | N/A |
| The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. | ||||
| CVE-2007-3058 | 1 Madirish Webmail | 1 Madirish Webmail | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3312 | 1 Efstratios Geroulis | 1 Jasmine Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | ||||
| CVE-2007-3504 | 2 Microsoft, Sun | 4 Windows, Jdk, Jre and 1 more | 2026-04-23 | N/A |
| Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. | ||||
| CVE-2006-5249 | 1 Tagit | 1 Tagboard | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter. | ||||
| CVE-2007-1157 | 1 Jboss | 1 Jboss | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. | ||||
| CVE-2007-2450 | 2 Apache, Redhat | 4 Tomcat, Enterprise Linux, Network Satellite and 1 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. | ||||
| CVE-2007-4597 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549. | ||||
| CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2026-04-23 | N/A |
| IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts. | ||||
| CVE-2007-4600 | 1 Ptc | 1 Mathcad | 2026-04-23 | N/A |
| The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element. | ||||
| CVE-2006-5254 | 1 Mamboxchange | 1 Extended Registration | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||