Export limit exceeded: 13717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29902 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2616 | 1 Novell | 1 Netmail | 2026-04-23 | N/A |
| Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request. | ||||
| CVE-2007-2617 | 1 Sun | 2 Net Connect Software, Solaris | 2026-04-23 | N/A |
| srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. | ||||
| CVE-2007-2643 | 1 Pinkcrow Designs | 1 Designs Gallery Magazin | 2026-04-23 | N/A |
| Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | ||||
| CVE-2009-3004 | 1 Avant Force | 1 Avant Browser | 2026-04-23 | N/A |
| Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. | ||||
| CVE-2006-4391 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. | ||||
| CVE-2007-2620 | 1 Jakub Steiner | 1 Original | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter. | ||||
| CVE-2007-2621 | 1 Extrovert Software | 1 Thyme Calndar | 2026-04-23 | N/A |
| SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter. | ||||
| CVE-2007-2623 | 1 Fruit2004 | 1 Remote Display Development Kit | 2026-04-23 | N/A |
| Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll. | ||||
| CVE-2007-2624 | 1 Aiocp | 1 Aiocp | 2026-04-23 | N/A |
| Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2625 | 1 Aiocp | 1 Aiocp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3005 | 1 Lunascape | 1 Lunascape | 2026-04-23 | N/A |
| Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. | ||||
| CVE-2007-2628 | 1 Justin Koivisto | 1 Phpsecurityadmin | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter. | ||||
| CVE-2007-2629 | 1 Bradford Networks | 1 Campusmanager Network Control Application Server | 2026-04-23 | N/A |
| Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/. | ||||
| CVE-2007-2631 | 1 Squirrelmail | 1 Squirrelmail | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648. | ||||
| CVE-2007-2632 | 1 Php Multi User Randomizer | 1 Php Multi User Randomizer | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[]. | ||||
| CVE-2007-2633 | 1 Positive Software | 1 Sitestudio | 2026-04-23 | N/A |
| Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter. | ||||
| CVE-2007-2635 | 1 Interchange Development Group | 1 Interchange | 2026-04-23 | N/A |
| Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests. | ||||
| CVE-2009-3006 | 1 Maxthon | 1 Maxthon Browser | 2026-04-23 | N/A |
| Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. | ||||
| CVE-2007-2636 | 1 Jason Frisvold | 1 Phptodo | 2026-04-23 | N/A |
| Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2637 | 2 Moinmoin, Ubuntu | 2 Moinmoin, Ubuntu Linux | 2026-04-23 | N/A |
| MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors. | ||||