Export limit exceeded: 367002 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367002 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367002 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1054 | 1 Mediawiki | 1 Mediawiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer. | ||||
| CVE-2007-1058 | 1 Online Web Building | 1 Online Web Building | 2026-04-23 | N/A |
| SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. | ||||
| CVE-2007-1060 | 1 Interspire | 1 Sendstudio | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/. | ||||
| CVE-2007-1065 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2026-04-23 | N/A |
| Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836. | ||||
| CVE-2007-1066 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2026-04-23 | N/A |
| Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558. | ||||
| CVE-2007-1089 | 3 Ibm, Linux, Microsoft | 3 Db2 Universal Database, Linux Kernel, Windows Xp | 2026-04-23 | N/A |
| IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors. | ||||
| CVE-2007-1090 | 1 Microsoft | 3 Windows 2003 Server, Windows Explorer, Windows Xp | 2026-04-23 | N/A |
| Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder. | ||||
| CVE-2007-1091 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers. | ||||
| CVE-2007-1092 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. | ||||
| CVE-2007-1112 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2026-04-23 | N/A |
| Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. | ||||
| CVE-2007-1117 | 1 Microsoft | 1 Publisher | 2026-04-23 | N/A |
| Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. | ||||
| CVE-2008-0034 | 1 Apple | 2 Iphone, Iphone Os | 2026-04-23 | N/A |
| Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. | ||||
| CVE-2007-1168 | 1 Trend Micro | 1 Serverprotect | 2026-04-23 | N/A |
| Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp). | ||||
| CVE-2007-1169 | 1 Trend Micro | 1 Serverprotect | 2026-04-23 | N/A |
| The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network. | ||||
| CVE-2007-1174 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1175 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-1176 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer. | ||||
| CVE-2007-1225 | 1 Grok Developments | 1 Netproxy | 2026-04-23 | N/A |
| The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection. | ||||
| CVE-2007-1226 | 1 Mcafee | 1 Virex | 2026-04-23 | N/A |
| McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. | ||||
| CVE-2007-1232 | 1 Sqlite Manager | 1 Sqlite Manager | 2026-04-23 | N/A |
| Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie. | ||||