Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2683 2 Mutt, Redhat 2 Mutt, Enterprise Linux 2026-04-23 N/A
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
CVE-2007-2684 1 Jetbox 1 Jetbox Cms 2026-04-23 N/A
Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message.
CVE-2007-1108 1 Cs-gallery 1 Cs-gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.
CVE-2007-0672 2 Broadcom, Ca 5 Brightstor Arcserve Backup Laptops Desktops, Business Protection Suite, Desktop Management Suite and 2 more 2026-04-23 N/A
LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.
CVE-2008-5089 1 Datadynamics 1 Activereports 2026-04-23 N/A
Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport, or (3) Canvas.Save method.
CVE-2007-1002 2 Evolution, Redhat 2 Shared Memo, Enterprise Linux 2026-04-23 N/A
Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo.
CVE-2007-1124 1 Xeroxer 1 Simple One-file Gallery 2026-04-23 N/A
Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
CVE-2007-2760 1 Adempiere 1 Adempiere 2026-04-23 N/A
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information.
CVE-2007-1691 1 Second Sight Software 1 Activemod 2026-04-23 N/A
Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX control (ActiveMod.ocx) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-3630 1 Av Scripts 1 Av Tutorial Script 2026-04-23 N/A
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
CVE-2007-2440 1 Caucho Technology 1 Resin 2026-04-23 N/A
Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.
CVE-2008-1725 1 Nsoftware 1 Ibiz E-banking Integrator 2026-04-23 N/A
The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information.
CVE-2007-1003 2 Redhat, X.org 2 Enterprise Linux, X11 2026-04-23 N/A
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
CVE-2007-3686 1 Masuga Design 1 Unobtrusive Ajax Star Rating Bar 2026-04-23 N/A
CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter.
CVE-2007-3251 1 E-vision 1 E-vision Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php.
CVE-2007-1697 1 Philex 1 Philex 2026-04-23 N/A
PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter.
CVE-2007-3252 1 Portalapp 1 Portalapp 2026-04-23 N/A
PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786.
CVE-2007-3699 1 Symantec 13 Antivirus Scan Engine, Brightmail Antispam, Client Security and 10 more 2026-04-23 N/A
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
CVE-2007-1698 1 Philex 1 Philex 2026-04-23 N/A
download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter.
CVE-2006-5070 1 Facestones 1 Facestones 2026-04-23 N/A
PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links.php in faceStones Personal 2.0.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fsinit][objpath] parameter.