Export limit exceeded: 352930 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352930 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5057 | 1 Netsupport | 1 Netsupport Manager Client | 2026-04-23 | N/A |
| NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager. | ||||
| CVE-2007-5524 | 1 Oracle | 2 Application Server, Collaboration Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS09 or AS9. | ||||
| CVE-2007-5056 | 6 Adodb Lite, Cmsmadesimple, Journalness and 3 more | 6 Adodb Lite, Cms Made Simple, Journalness and 3 more | 2026-04-23 | N/A |
| Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. | ||||
| CVE-2007-5055 | 1 Izicontents | 1 Izicontents | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php. | ||||
| CVE-2007-5054 | 1 Izicontents | 1 Izicontents | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to (1) search/search.php, (2) poll/inlinepoll.php, (3) poll/showpoll.php, (4) links/showlinks.php, or (5) links/submit_links.php in modules/. | ||||
| CVE-2007-5053 | 1 Izicontents | 1 Izicontents | 2026-04-23 | N/A |
| Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php; or a URL in the language_home parameter to (3) search/search.php, (4) poll/inlinepoll.php, (5) poll/showpoll.php, (6) links/showlinks.php, or (7) links/submit_links.php in modules/; related to missing checks in (a) modules/moduleSec.php and (b) include/includeSec.php for inclusion of certain URLs, as demonstrated by an ftps:// URL. | ||||
| CVE-2007-5523 | 1 Oracle | 2 Application Server, Collaboration Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS08. | ||||
| CVE-2007-5052 | 1 Itcms | 1 Vigile Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with (1) the title parameter or (2) a "title=" sequence in the PATH_INFO, or a request to the download module with (3) the cat parameter or (4) a "cat=" sequence in the PATH_INFO. | ||||
| CVE-2007-5522 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07. | ||||
| CVE-2007-5051 | 1 Phpgedview | 1 Phpgedview | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5050 | 1 Neuron News | 1 Neuron News | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Neuron News 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the q parameter. | ||||
| CVE-2007-5521 | 1 Oracle | 2 Application Server, Collaboration Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.3.3, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS06. | ||||
| CVE-2007-5048 | 1 Lhaplus | 1 Lhaplus | 2026-04-23 | N/A |
| Heap-based buffer overflow in Lhaplus before 1.55 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive. | ||||
| CVE-2007-6349 | 1 Perforce | 1 P4web | 2026-04-23 | N/A |
| P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0. | ||||
| CVE-2007-5520 | 1 Oracle | 2 Application Server, Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application Server 9.0.4.3, 10.1.3.0.0 up to 10.1.3.3.0, and 10.1.2.0.1 up to 10.1.2.2.0, has unknown impact and remote attack vectors, aka AS05. | ||||
| CVE-2007-5047 | 1 Symantec | 1 Norton Internet Security | 2026-04-23 | N/A |
| Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793. | ||||
| CVE-2007-5046 | 1 Icewarp | 1 Merak Mail Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element. | ||||
| CVE-2007-5045 | 2 Apple, Mozilla | 2 Quicktime, Firefox | 2026-04-23 | N/A |
| Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670. | ||||
| CVE-2007-6043 | 1 Microsoft | 1 Windows 2000 | 2026-04-23 | N/A |
| The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898. | ||||
| CVE-2007-5519 | 1 Oracle | 2 Application Server, Collaboration Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS04. | ||||