Export limit exceeded: 351956 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29930 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29930 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4424 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. | ||||
| CVE-2007-4399 | 1 Irssi | 1 Irssi | 2026-04-23 | N/A |
| CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | ||||
| CVE-2009-2165 | 1 Serendipitynz | 1 Serene Bach | 2026-04-23 | N/A |
| SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | ||||
| CVE-2006-7201 | 1 Emc | 1 Rsa Security Sitekey | 2026-04-23 | N/A |
| EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP. | ||||
| CVE-2007-1354 | 2 Jboss, Redhat | 2 Jboss Application Server, Jboss Application Server | 2026-04-23 | N/A |
| The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode. | ||||
| CVE-2009-0770 | 1 Dkim | 1 Dkim-milter | 2026-04-23 | N/A |
| dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a denial of service (crash) by signing a message with a key that has been revoked in DNS, which triggers an assertion error. | ||||
| CVE-2007-1023 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-23 | N/A |
| SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-0961 | 1 Apple | 2 Iphone Os, Ipod Touch | 2026-04-23 | N/A |
| The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert. | ||||
| CVE-2007-4228 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument. | ||||
| CVE-2009-0629 | 1 Cisco | 2 Ios, Ios Xr | 2026-04-23 | N/A |
| The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets. | ||||
| CVE-2008-5329 | 1 Ibm | 1 Rational Clearquest | 2026-04-23 | N/A |
| ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file. | ||||
| CVE-2007-4201 | 1 Guidance Software | 1 Encase | 2026-04-23 | N/A |
| Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035. | ||||
| CVE-2009-0389 | 1 Eztools-software | 1 Web On Windows Activex | 2026-04-23 | N/A |
| Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code. | ||||
| CVE-2009-0253 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack. | ||||
| CVE-2007-0120 | 1 Acunetix | 1 Web Vulnerability Scanner | 2026-04-23 | N/A |
| Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values. | ||||
| CVE-2006-3887 | 1 Aol | 1 Ygp Screensaver Activex Control | 2026-04-23 | N/A |
| Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-1019 | 1 Webspell | 1 Webspell | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. | ||||
| CVE-2009-3005 | 1 Lunascape | 1 Lunascape | 2026-04-23 | N/A |
| Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. | ||||
| CVE-2006-6650 | 1 Mxbb | 1 Mxbb Charts | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2007-3748 | 1 Apple | 3 Ichat, Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. | ||||