Export limit exceeded: 366429 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366429 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366429 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0449 1 Broadcom 5 Brightstor Arcserve Backup Laptops Desktops, Brightstor Mobile Backup, Business Protection Suite and 2 more 2026-04-23 N/A
Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.
CVE-2007-0455 5 Canonical, Fedoraproject, Gd Graphics Library Project and 2 more 9 Ubuntu Linux, Fedora, Gd Graphics Library and 6 more 2026-04-23 N/A
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
CVE-2007-0457 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2007-1605 1 W-agora 1 W-agora 2026-04-23 N/A
w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. NOTE: the bn[] parameter to index.php is already covered by CVE-2007-0606.1.
CVE-2007-2052 2 Python, Redhat 3 Python, Enterprise Linux, Network Satellite 2026-04-23 N/A
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
CVE-2007-2348 2 Alexander V. Lukyanov, Redhat 2 Lftp, Enterprise Linux 2026-04-23 N/A
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
CVE-2007-0458 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.
CVE-2007-1608 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.
CVE-2007-0467 1 Apple 1 Mac Os X 2026-04-23 N/A
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
CVE-2007-1612 1 Katalog Plyt Audio 1 Katalog Plyt Audio 2026-04-23 N/A
SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter.
CVE-2007-2053 1 Afflib 1 Afflib 2026-04-23 N/A
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
CVE-2007-1613 1 Mpm Chat 1 Mpm Chat 2026-04-23 N/A
Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter.
CVE-2007-1621 1 Lbstone 1 Active Php Bookmark Notes 2026-04-23 N/A
PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254.
CVE-2006-5247 1 Eazy Cart 1 Eazy Cart 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information.
CVE-2006-5248 1 Eazy Cart 1 Eazy Cart 2026-04-23 N/A
Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-0472 1 Smb4k 1 Smb4k 2026-04-23 N/A
Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.
CVE-2007-2057 1 Aircrack-ng 1 Airodump-ng 2026-04-23 N/A
Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.
CVE-2007-0480 1 Cisco 1 Ios Transmission Control Protocol 2026-04-23 N/A
Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.
CVE-2007-1625 1 Realguestbook 1 Realguestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data.
CVE-2007-2350 1 Freepbx 1 Freepbx 2026-04-23 N/A
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.