Export limit exceeded: 349895 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349895 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4614 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426. | ||||
| CVE-2007-4922 | 2 Jeuxflash, Kwsphp | 2 Jeuxflash Module, Kwsphp | 2026-04-23 | N/A |
| SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information. | ||||
| CVE-2007-4615 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. | ||||
| CVE-2007-4923 | 1 Joomla | 1 Joomla Radio | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | ||||
| CVE-2007-4616 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications. | ||||
| CVE-2007-4924 | 3 Ekiga, Openh323 Project, Redhat | 3 Ekiga, Openh323, Enterprise Linux | 2026-04-23 | N/A |
| The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address." | ||||
| CVE-2007-5048 | 1 Lhaplus | 1 Lhaplus | 2026-04-23 | N/A |
| Heap-based buffer overflow in Lhaplus before 1.55 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive. | ||||
| CVE-2007-5105 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. | ||||
| CVE-2007-4618 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers. | ||||
| CVE-2007-5050 | 1 Neuron News | 1 Neuron News | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Neuron News 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the q parameter. | ||||
| CVE-2007-5106 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter. | ||||
| CVE-2007-4619 | 3 Flac, Nullsoft, Redhat | 3 Libflac, Winamp, Enterprise Linux | 2026-04-23 | N/A |
| Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. | ||||
| CVE-2007-4620 | 2 Broadcom, Ca | 4 Anti-virus For The Enterprise, Brightstor Arcserve Backup, Brightstor Arcserve Backup and 1 more | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests. | ||||
| CVE-2007-4627 | 1 Algera | 1 Abc Estore | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2007-4628 | 1 Phpns | 1 Phpns | 2026-04-23 | N/A |
| SQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-4630 | 1 Xigla | 1 Absolute Poll Manager Xe | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2007-5042 | 1 Agnitum | 1 Outpost Firewall | 2026-04-23 | N/A |
| Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenProcess, (5) NtOpenSection, (6) NtOpenThread, and (7) NtUnloadDriver kernel SSDT hooks, a partial regression of CVE-2006-7160. | ||||
| CVE-2007-4906 | 1 Nuclearbb | 1 Nuclearbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | ||||
| CVE-2007-4596 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments. | ||||
| CVE-2007-4592 | 1 Ibm | 1 Rational Clearquest | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component. | ||||