Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2683 | 2 Mutt, Redhat | 2 Mutt, Enterprise Linux | 2026-04-23 | N/A |
| Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. | ||||
| CVE-2007-2684 | 1 Jetbox | 1 Jetbox Cms | 2026-04-23 | N/A |
| Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message. | ||||
| CVE-2007-1108 | 1 Cs-gallery | 1 Cs-gallery | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. | ||||
| CVE-2007-0672 | 2 Broadcom, Ca | 5 Brightstor Arcserve Backup Laptops Desktops, Business Protection Suite, Desktop Management Suite and 2 more | 2026-04-23 | N/A |
| LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\. | ||||
| CVE-2008-5089 | 1 Datadynamics | 1 Activereports | 2026-04-23 | N/A |
| Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport, or (3) Canvas.Save method. | ||||
| CVE-2007-1002 | 2 Evolution, Redhat | 2 Shared Memo, Enterprise Linux | 2026-04-23 | N/A |
| Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | ||||
| CVE-2007-1124 | 1 Xeroxer | 1 Simple One-file Gallery | 2026-04-23 | N/A |
| Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | ||||
| CVE-2007-2760 | 1 Adempiere | 1 Adempiere | 2026-04-23 | N/A |
| The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1691 | 1 Second Sight Software | 1 Activemod | 2026-04-23 | N/A |
| Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX control (ActiveMod.ocx) allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-3630 | 1 Av Scripts | 1 Av Tutorial Script | 2026-04-23 | N/A |
| changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter. | ||||
| CVE-2007-2440 | 1 Caucho Technology | 1 Resin | 2026-04-23 | N/A |
| Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence. | ||||
| CVE-2008-1725 | 1 Nsoftware | 1 Ibiz E-banking Integrator | 2026-04-23 | N/A |
| The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1003 | 2 Redhat, X.org | 2 Enterprise Linux, X11 | 2026-04-23 | N/A |
| Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. | ||||
| CVE-2007-3686 | 1 Masuga Design | 1 Unobtrusive Ajax Star Rating Bar | 2026-04-23 | N/A |
| CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter. | ||||
| CVE-2007-3251 | 1 E-vision | 1 E-vision Cms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php. | ||||
| CVE-2007-1697 | 1 Philex | 1 Philex | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter. | ||||
| CVE-2007-3252 | 1 Portalapp | 1 Portalapp | 2026-04-23 | N/A |
| PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786. | ||||
| CVE-2007-3699 | 1 Symantec | 13 Antivirus Scan Engine, Brightmail Antispam, Client Security and 10 more | 2026-04-23 | N/A |
| The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header. | ||||
| CVE-2007-1698 | 1 Philex | 1 Philex | 2026-04-23 | N/A |
| download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. | ||||
| CVE-2006-5070 | 1 Facestones | 1 Facestones | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links.php in faceStones Personal 2.0.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fsinit][objpath] parameter. | ||||