Export limit exceeded: 366570 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366570 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0295 1 Oracle 2 Enterpriseone, Peoplesoft Enterprise 2026-04-23 N/A
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.
CVE-2007-2382 1 Mad4milk 1 Moo.fx 2026-04-23 N/A
The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
CVE-2007-2532 1 Obie Website 1 Mini Web Shop 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.
CVE-2007-2593 1 Microsoft 2 Terminal Server, Windows 2003 Server 2026-04-23 N/A
The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
CVE-2007-2814 1 Pegasus 1 Imagn Activex Control 2026-04-23 N/A
Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.
CVE-2007-2956 2 Pfstools, Qtpfsgui 2 Pfstools, Qtpfsgui 2026-04-23 N/A
Stack-based buffer overflow in the readRadianceHeader function in (1) src/fileformat/rgbeio.cpp in pfstools 1.6.2 and (2) src/Fileformat/rgbeio.cpp in Qtpfsgui 1.8.11 allows remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.
CVE-2007-3187 1 Apple 1 Safari 2026-04-23 N/A
Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-3314 1 Altap 2 Portable Executable Viewer, Servant Salamander 2026-04-23 N/A
Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file.
CVE-2007-3330 1 Stphp 1 Easynews 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.
CVE-2007-3345 1 Php Accounts 1 Php Accounts 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter.
CVE-2007-3368 1 Polycom 1 Soundpoint Ip 650 2026-04-23 N/A
Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.
CVE-2007-3495 1 Sap 2 Sap Basis Component 640, Sap Basis Component 700 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.
CVE-2007-3523 1 Groupeclan.free.fr 1 Xcms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter.
CVE-2007-3546 1 Nessus 1 Nessus 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2009 3 Canonical, Redhat, Xiph.org 3 Ubuntu Linux, Enterprise Linux, Libvorbis 2026-04-23 N/A
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
CVE-2007-3598 1 Vtiger 1 Vtiger Crm 2026-04-23 N/A
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo.
CVE-2007-3673 1 Symantec 6 Client Security, Norton Antispam, Norton Antivirus and 3 more 2026-04-23 N/A
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
CVE-2007-3713 1 Konst 1 Centericq 2026-04-23 N/A
Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160.
CVE-2007-3764 1 Asterisk 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more 2026-04-23 N/A
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
CVE-2007-0682 1 Jv2 1 Folder Gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in theme/include_mode/template.php in JV2 Folder Gallery 3.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the galleryfilesdir parameter.