Export limit exceeded: 362577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362577 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1155 | 1 Webspell | 1 Webspell | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED. | ||||
| CVE-2007-4566 | 1 Alpha Centauri Software | 1 Sidvault Ldap Server | 2026-04-23 | N/A |
| Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind. | ||||
| CVE-2007-4565 | 2 Fetchmail, Redhat | 2 Fetchmail, Enterprise Linux | 2026-04-23 | N/A |
| sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. | ||||
| CVE-2007-4564 | 1 Hitachi | 7 Cosminexus Application Server Enterprise, Cosminexus Application Server Standard, Electronic Form Workflow - Standard Set and 4 more | 2026-04-23 | N/A |
| Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges. | ||||
| CVE-2007-1154 | 1 Webspell | 1 Webspell | 2026-04-23 | N/A |
| SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | ||||
| CVE-2006-5245 | 1 Eazy Cart | 1 Eazy Cart | 2026-04-23 | N/A |
| Eazy Cart allows remote attackers to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/. | ||||
| CVE-2007-4561 | 1 Realnetworks | 1 Helix Dna Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers. | ||||
| CVE-2007-1135 | 1 Sourceforge | 1 Webmplayer | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php. | ||||
| CVE-2007-4135 | 2 Nfsv4, Redhat | 2 Nfsidmap, Enterprise Linux | 2026-04-23 | N/A |
| The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client. | ||||
| CVE-2007-4156 | 1 Woliocms | 1 Woliocms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php. | ||||
| CVE-2007-4157 | 1 Phpblogger | 1 Php-blogger | 2026-04-23 | N/A |
| PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version. | ||||
| CVE-2007-4158 | 1 Tibco | 1 Rendezvous | 2026-04-23 | N/A |
| Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830. | ||||
| CVE-2007-4160 | 1 Tibco | 1 Rendezvous | 2026-04-23 | N/A |
| The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network. | ||||
| CVE-2007-4209 | 1 Aceboard | 1 Aceboard Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in Recherche.php in Aceboard forum allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-4188 | 1 Joomla | 1 Joomla\! | 2026-04-23 | N/A |
| Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors. | ||||
| CVE-2007-4189 | 1 Joomla | 1 Joomla\! | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4190 | 1 Joomla | 1 Joomla\! | 2026-04-23 | N/A |
| CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4191 | 1 Panda | 1 Panda Antivirus | 2026-04-23 | N/A |
| Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657. | ||||
| CVE-2007-4192 | 1 Ide Group | 1 Dvd Rental System Drs | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE. | ||||
| CVE-2007-4196 | 1 Brian Carrier | 1 The Slueth Kit | 2026-04-23 | N/A |
| icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image. | ||||