Export limit exceeded: 346708 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346708 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2729 | 1 Comodo | 2 Comodo Firewall Pro, Comodo Personal Firewall | 2026-04-23 | N/A |
| Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. | ||||
| CVE-2007-2731 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898. | ||||
| CVE-2007-2732 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/. | ||||
| CVE-2007-2733 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448. | ||||
| CVE-2007-2735 | 1 Touteresa | 1 Resmanager | 2026-04-23 | N/A |
| SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter. | ||||
| CVE-2007-2736 | 9 Achievo, Apple, Hp and 6 more | 18 Achievo, A Ux, Mac Os X and 15 more | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | ||||
| CVE-2007-2737 | 1 Xoops | 1 Myconference Module | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2738 | 1 Xoops | 1 Xoops Glossaire Module | 2026-04-23 | N/A |
| SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | ||||
| CVE-2007-2739 | 1 Xajax | 1 Xajax | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-2740 | 1 Xajax | 1 Xajax | 2026-04-23 | N/A |
| Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS. | ||||
| CVE-2007-2757 | 1 Dean J Robinson | 1 Redoable | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php. | ||||
| CVE-2007-2758 | 1 Winimage | 1 Winimage | 2026-04-23 | N/A |
| Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal. | ||||
| CVE-2007-2760 | 1 Adempiere | 1 Adempiere | 2026-04-23 | N/A |
| The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2761 | 1 Magiciso | 1 Magiciso | 2026-04-23 | N/A |
| Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allows remote attackers to execute arbitrary code via a long filename in a .cue file. | ||||
| CVE-2007-2771 | 1 Lead Technologies | 1 Leadtools Jpeg 2000 | 2026-04-23 | N/A |
| Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property. | ||||
| CVE-2007-2773 | 1 Zomplog | 1 Zomplog | 2026-04-23 | N/A |
| SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter. | ||||
| CVE-2007-2772 | 1 Ca | 1 Brightstor Arcserve Backup | 2026-04-23 | N/A |
| (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. | ||||
| CVE-2007-2839 | 1 Debian | 1 Gfax | 2026-04-23 | N/A |
| gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors. | ||||
| CVE-2007-2814 | 1 Pegasus | 1 Imagn Activex Control | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions. | ||||
| CVE-2008-5269 | 1 Powie | 1 Psys | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter. | ||||