Export limit exceeded: 349366 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349366 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3805 | 1 Clavister | 1 Clavister Coreplus | 2026-04-23 | N/A |
| The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates. | ||||
| CVE-2007-3806 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. | ||||
| CVE-2007-3807 | 1 Sitescape | 1 Sitescape Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors. | ||||
| CVE-2007-3808 | 1 Php Arena | 1 Pafiledb | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. | ||||
| CVE-2007-3809 | 1 Prozilla | 1 Prozilla Directory Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | ||||
| CVE-2007-3810 | 1 It747 | 1 Realtor 747 | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | ||||
| CVE-2007-3811 | 1 Esyndicat | 1 Esyndicat Directory | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php. | ||||
| CVE-2007-3812 | 1 Cmscout | 1 Cmscout | 2026-04-23 | N/A |
| SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php. | ||||
| CVE-2007-3813 | 1 Mkportal | 1 Noboard Module | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter. | ||||
| CVE-2007-4647 | 1 2coolcode | 1 Our Space | 2026-04-23 | N/A |
| newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi. | ||||
| CVE-2007-5131 | 1 Interspire | 1 Activekb Nx | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected. | ||||
| CVE-2007-3814 | 1 Mkportal | 1 Mkportal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors. | ||||
| CVE-2007-4648 | 1 Norman | 1 Norman Virus Control | 2026-04-23 | N/A |
| The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations. | ||||
| CVE-2007-3820 | 2 Kde, Redhat | 2 Konqueror, Enterprise Linux | 2026-04-23 | N/A |
| konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | ||||
| CVE-2007-3822 | 1 Citadel | 1 Webcit | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names. | ||||
| CVE-2007-5132 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts." | ||||
| CVE-2007-3825 | 2 Broadcom, Ca | 8 Alert Notification Server, Brightstor Arcserve Backup, Brightstor Enterprise Backup and 5 more | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures. | ||||
| CVE-2007-3826 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-23 | N/A |
| Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. | ||||
| CVE-2007-3827 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window. | ||||
| CVE-2007-3828 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386. | ||||