Export limit exceeded: 357004 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357004 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0381 | 2 Bazaarbuilder, Joomla | 2 Ecommerce Shopping Cart, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php. | ||||
| CVE-2009-0380 | 3 Joomla, Mambo-foundation, Sigsiu.net | 3 Joomla, Mambo, Sobi2 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2 | ||||
| CVE-2007-3387 | 7 Apple, Canonical, Debian and 4 more | 7 Cups, Ubuntu Linux, Debian Linux and 4 more | 2026-04-23 | N/A |
| Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | ||||
| CVE-2007-4065 | 2 Redhat, Xiph.org | 2 Enterprise Linux, Libvorbis | 2026-04-23 | N/A |
| lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217. | ||||
| CVE-2007-4081 | 1 Alstrasoft | 1 Affiliate Network Pro | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1. | ||||
| CVE-2008-3520 | 2 Jasper Project, Redhat | 3 Jasper, Enterprise Linux, Rhev Manager | 2026-04-23 | N/A |
| Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. | ||||
| CVE-2007-4096 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2007-4098 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams. | ||||
| CVE-2007-4496 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors. | ||||
| CVE-2007-4497 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2026-04-23 | N/A |
| Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. | ||||
| CVE-2007-4991 | 1 Microsoft | 1 Isa Server | 2026-04-23 | N/A |
| The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet. | ||||
| CVE-2007-6015 | 2 Redhat, Samba | 3 Enterprise Linux, Rhel Eus, Samba | 2026-04-23 | N/A |
| Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. | ||||
| CVE-2007-5020 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2026-04-23 | N/A |
| Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher. | ||||
| CVE-2007-5024 | 1 Emc | 1 Vmware Server | 2026-04-23 | N/A |
| EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620. | ||||
| CVE-2007-5025 | 1 Vmware | 1 Ace | 2026-04-23 | N/A |
| Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user." | ||||
| CVE-2007-5026 | 1 Dblog | 1 Dblog Cms | 2026-04-23 | N/A |
| dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb. | ||||
| CVE-2007-5027 | 1 Level One | 1 Wbr3404tx | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in the web management panel for the WBR3404TX broadband router with firmware R1.94p0vTIG allow remote attackers to inject arbitrary web script or HTML via the (1) DD or (2) DU parameter. | ||||
| CVE-2007-5028 | 1 Dibbler | 1 Dibbler | 2026-04-23 | N/A |
| Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors. | ||||
| CVE-2007-6205 | 1 S9y | 1 Serendipity | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed. | ||||
| CVE-2007-5029 | 1 Dibbler | 1 Dibbler | 2026-04-23 | N/A |
| Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options. | ||||