Export limit exceeded: 348055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348055 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0045 | 2 Adobe, Redhat | 4 Acrobat, Acrobat 3d, Acrobat Reader and 1 more | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." | ||||
| CVE-2007-2856 | 2 Dart, Microsoft | 2 Powertcp Zip Compression, Internet Explorer | 2026-04-23 | N/A |
| Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855. | ||||
| CVE-2007-3169 | 1 Edraw | 1 Office Viewer Component | 2026-04-23 | N/A |
| Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method. | ||||
| CVE-2007-0046 | 2 Adobe, Redhat | 2 Acrobat Reader, Rhel Extras | 2026-04-23 | N/A |
| Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | ||||
| CVE-2007-2857 | 1 Zakkis Technology Corporation | 1 Php Excel Parser | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter. | ||||
| CVE-2007-3170 | 1 Uebimiau | 1 Uebimiau | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. | ||||
| CVE-2007-0047 | 1 Adobe | 1 Acrobat Reader | 2026-04-23 | N/A |
| CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | ||||
| CVE-2007-1937 | 1 Dreamcodes | 1 Scorp Book | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | ||||
| CVE-2007-2858 | 1 Phpbb | 1 Ip-tracking | 2026-04-23 | N/A |
| SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field. | ||||
| CVE-2007-3171 | 1 Uebimiau | 1 Uebimiau | 2026-04-23 | N/A |
| Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. | ||||
| CVE-2007-3409 | 4 Canonical, Debian, Net-dns and 1 more | 4 Ubuntu Linux, Debian Linux, Net\ and 1 more | 2026-04-23 | 7.5 High |
| Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. | ||||
| CVE-2007-1938 | 1 Ichitaro | 1 Ichitaro | 2026-04-23 | N/A |
| Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting (XSS). | ||||
| CVE-2007-0048 | 1 Adobe | 3 Acrobat, Acrobat 3d, Acrobat Reader | 2026-04-23 | N/A |
| Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." | ||||
| CVE-2007-0049 | 1 Geckovich | 2 Tasktracker, Tasktracker Pro | 2026-04-23 | N/A |
| Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. | ||||
| CVE-2007-1940 | 1 Ibm | 1 Tivoli Business Service Manager | 2026-04-23 | N/A |
| IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log. | ||||
| CVE-2007-2859 | 1 Simpgb | 1 Simpgb | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts. | ||||
| CVE-2007-3172 | 1 Uebimiau | 1 Uebimiau | 2026-04-23 | N/A |
| Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. | ||||
| CVE-2007-3411 | 1 Clicktech | 1 Clickgallery | 2026-04-23 | N/A |
| SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | ||||
| CVE-2007-0050 | 1 Openpinboard | 1 Openpinboard | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete | ||||
| CVE-2007-1946 | 1 Microsoft | 1 Windows Xp | 2026-04-23 | N/A |
| Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp. | ||||