Export limit exceeded: 348025 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348025 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3420 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-0180 | 1 Ef Software | 1 Ef Commander | 2026-04-23 | N/A |
| Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow. | ||||
| CVE-2007-1993 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2." | ||||
| CVE-2007-0181 | 1 Scriptaty | 1 Magic Photo Storage Website | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter. | ||||
| CVE-2007-1994 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916. | ||||
| CVE-2007-0182 | 1 Scriptaty | 1 Magic Photo Storage Website | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date. | ||||
| CVE-2007-0183 | 1 Sun | 1 Iplanet Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-1995 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2026-04-23 | N/A |
| bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | ||||
| CVE-2007-0184 | 1 Getahead | 1 Direct Web Remoting | 2026-04-23 | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks. | ||||
| CVE-2007-0189 | 1 Geobb | 1 Georgian Bulletin Board | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value | ||||
| CVE-2007-0197 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption. | ||||
| CVE-2007-1996 | 1 Codebreak | 1 Codebreak | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter. | ||||
| CVE-2007-2893 | 1 Bochs Project | 1 Bochs | 2026-04-23 | N/A |
| Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow." | ||||
| CVE-2007-3186 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | ||||
| CVE-2007-3421 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3606 | 1 Sap | 1 Enjoysap | 2026-04-23 | N/A |
| Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. | ||||
| CVE-2007-1997 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. | ||||
| CVE-2007-0198 | 1 Cisco | 4 Ip Contact Center Enterprise, Ip Contact Center Hosted, Unified Contact Center Enterprise and 1 more | 2026-04-23 | N/A |
| The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port. | ||||
| CVE-2007-0200 | 1 Geoffrey Golliher | 1 Axiom Photo News Gallery | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter. | ||||
| CVE-2007-0201 | 1 Tis | 1 Internet Firewall Toolkit | 2026-04-23 | N/A |
| Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest). | ||||