Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3939 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||||
| CVE-2007-2691 | 4 Canonical, Debian, Mysql and 1 more | 5 Ubuntu Linux, Debian Linux, Mysql and 2 more | 2026-04-23 | N/A |
| MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | ||||
| CVE-2009-3484 | 1 Coreftp | 1 Core Ftp | 2026-04-23 | N/A |
| Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3377 | 2 Nlnet Labs, Redhat | 2 Net Dns, Enterprise Linux | 2026-04-23 | N/A |
| Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin. | ||||
| CVE-2007-3384 | 1 Apache | 1 Tomcat | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages. | ||||
| CVE-2007-3941 | 1 Jasmine | 1 Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3391 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. | ||||
| CVE-2007-3400 | 1 Nctsoft | 2 Nctaudioeditor, Nctaudiostudio | 2026-04-23 | N/A |
| The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method. | ||||
| CVE-2007-3942 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use | ||||
| CVE-2007-3406 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-23 | N/A |
| Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag. | ||||
| CVE-2007-3943 | 1 Adaptive Business Design | 1 Infinite Responder | 2026-04-23 | N/A |
| SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3407 | 1 Sergey Lyubka | 1 Simple Httpd | 2026-04-23 | N/A |
| Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20). | ||||
| CVE-2006-6535 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable. | ||||
| CVE-2007-3409 | 4 Canonical, Debian, Net-dns and 1 more | 4 Ubuntu Linux, Debian Linux, Net\ and 1 more | 2026-04-23 | 7.5 High |
| Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. | ||||
| CVE-2007-3944 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. | ||||
| CVE-2007-3410 | 2 Realnetworks, Redhat | 6 Helix Player, Realone Player, Realplayer and 3 more | 2026-04-23 | N/A |
| Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value. | ||||
| CVE-2007-3414 | 1 Access2asp | 1 Access2asp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp. | ||||
| CVE-2007-3952 | 1 Norman | 1 Normon Antivirus | 2026-04-23 | N/A |
| The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around". | ||||
| CVE-2007-0610 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3415 | 1 Phpraider | 1 Phpraider | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter. | ||||