Export limit exceeded: 355977 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355977 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3668 | 1 Numedia Soft Inc | 1 Nmsdvdx Dvd Burning Sdk | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVDX allow remote attackers to cause a denial of service via "improperly initialized" (1) LoadSegmentWord, (2) PartitionType, (3) SectorCount, and (4) BootFilePath variables. | ||||
| CVE-2006-5559 | 1 Microsoft | 4 Data Access Components, Windows 2000, Windows 2003 Server and 1 more | 2026-04-23 | N/A |
| The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments. | ||||
| CVE-2007-1302 | 1 Li-scripts | 1 Li-guestbook | 2026-04-23 | N/A |
| SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected. | ||||
| CVE-2007-2519 | 1 Php Group | 1 Pear | 2026-04-23 | N/A |
| Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. | ||||
| CVE-2006-5560 | 1 Boesch It-consulting | 1 Progsys | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1303 | 1 Rrdbrowse | 1 Rrdbrowse | 2026-04-23 | N/A |
| Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2007-2520 | 1 Frank Mancuso | 1 Mynews | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie. | ||||
| CVE-2006-5563 | 1 Yahoo | 1 Messenger | 2026-04-23 | N/A |
| Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-1304 | 1 Savas Place | 1 Savas Guestbook | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters. | ||||
| CVE-2007-2521 | 1 E-gads | 1 E-gads | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter. | ||||
| CVE-2007-3087 | 1 Peercast | 1 Peercast | 2026-04-23 | N/A |
| Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information. | ||||
| CVE-2007-3356 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2026-04-23 | N/A |
| NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) via certain requests that reveal the table name and complete query, related to the Halt_On_Error setting in Mysql_db.php. | ||||
| CVE-2007-3529 | 1 Phpdirector | 1 Phpdirector | 2026-04-23 | N/A |
| videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message. | ||||
| CVE-2007-3669 | 1 Innovasys | 1 Dockstudioxp | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control have unspecified attack vectors and impact, including a denial of service via "improper use" of the SaveToFile function. | ||||
| CVE-2007-3751 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors. | ||||
| CVE-2007-1305 | 1 Savas Place | 1 Savas Guestbook | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters. | ||||
| CVE-2007-2522 | 1 Broadcom | 3 Antispyware For The Enterprise, Etrust Integrated Threat Management, Etrust Pestpatrol | 2026-04-23 | N/A |
| Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | ||||
| CVE-2007-3088 | 1 Gaya Design | 1 Comicsense | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter. | ||||
| CVE-2007-3357 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2026-04-23 | N/A |
| NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors. | ||||
| CVE-2007-3530 | 1 Phpdirector | 1 Phpdirector | 2026-04-23 | N/A |
| PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file. | ||||