Export limit exceeded: 29932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29932 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0233 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress. | ||||
| CVE-2009-3274 | 3 Linux, Mozilla, Redhat | 3 Linux Kernel, Firefox, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0085 | 1 Openbsd | 1 Openbsd | 2026-04-23 | N/A |
| Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference. | ||||
| CVE-2007-1497 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | ||||
| CVE-2007-3430 | 1 Simple Invoices | 1 Simple Invoices | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action. | ||||
| CVE-2007-0098 | 1 Verliadmin | 1 Verliadmin | 2026-04-23 | N/A |
| Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | ||||
| CVE-2006-5962 | 1 Hpecs Shopping Cart | 1 Hpecs Shopping Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp. | ||||
| CVE-2007-2917 | 1 Authentium | 1 Command Antivirus | 2026-04-23 | N/A |
| Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-3431 | 1 Valerio Capello | 1 Dagger - The Cutting Edge | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter. | ||||
| CVE-2009-3276 | 1 Nasd | 1 Corenet1 | 2026-04-23 | N/A |
| Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka corenet1) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many alphabetic characters followed by a ! (exclamation point), related to a certain regular expression, aka a "ReDoS" vulnerability. | ||||
| CVE-2007-2918 | 1 Logitech | 1 Videocall | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors. | ||||
| CVE-2009-3277 | 1 Xenu By | 1 Datavault | 2026-04-23 | N/A |
| DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of an [ (open bracket) followed by many commas, related to a certain regular expression, aka a "ReDoS" vulnerability. | ||||
| CVE-2007-3433 | 1 Netart Media | 1 Pharmacy System | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action. | ||||
| CVE-2009-4587 | 1 Cherokee | 1 Cherokee | 2026-04-23 | N/A |
| Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word. | ||||
| CVE-2009-3295 | 1 Mit | 1 Kerberos 5 | 2026-04-23 | N/A |
| The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request. | ||||
| CVE-2009-1663 | 1 Easy-scripts | 1 Answer And Question Script | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username] directory. | ||||
| CVE-2007-0240 | 2 Redhat, Zope | 2 Rhel Cluster, Zope | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. | ||||
| CVE-2007-0242 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2026-04-23 | N/A |
| The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. | ||||
| CVE-2007-0244 | 2 Debian, Poptop | 2 Debian Linux, Pptp Server | 2026-04-23 | N/A |
| pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued. | ||||
| CVE-2007-2921 | 1 Corel | 1 Activecgm Browser | 2026-04-23 | N/A |
| Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors. | ||||