Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3496 | 1 Sap | 4 Netweaver Nw04, Netweaver Nw04s, Sap Basis Component 640 and 1 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | ||||
| CVE-2007-4120 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original researcher also has a history of erroneous claims | ||||
| CVE-2007-4684 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call. | ||||
| CVE-2007-3502 | 1 Kaspersky Lab | 1 Kaspersky Anti-spam | 2026-04-23 | N/A |
| Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories. | ||||
| CVE-2007-4125 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause an unspecified denial of service via unknown vectors. | ||||
| CVE-2007-4686 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. | ||||
| CVE-2007-3518 | 1 Hispah | 1 Youtube Clone Script | 2026-04-23 | N/A |
| SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-4132 | 1 Redhat | 2 Network Satelite Server, Network Satellite | 2026-04-23 | N/A |
| Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler." | ||||
| CVE-2007-3527 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | N/A |
| Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data. | ||||
| CVE-2007-4138 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-23 | N/A |
| The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined. | ||||
| CVE-2007-3536 | 1 Amx | 1 Netlinx Vnc Activex Control | 2026-04-23 | N/A |
| Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values. | ||||
| CVE-2007-4139 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Temporary Uploads editing functionality (wp-admin/includes/upload.php) in WordPress 2.2.1, allows remote attackers to inject arbitrary web script or HTML via the style parameter to wp-admin/upload.php. | ||||
| CVE-2007-4687 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. | ||||
| CVE-2007-3539 | 1 Qt-cute | 2 Quicktalk Forum, Quickticket | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3. | ||||
| CVE-2007-3544 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. | ||||
| CVE-2007-3552 | 1 Bbs100 | 1 Bbs100 | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. NOTE: some details were obtained from third party information. | ||||
| CVE-2007-4148 | 1 Visionsoft | 1 Audit | 2026-04-23 | N/A |
| Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a "LOG." command. | ||||
| CVE-2007-4690 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet. | ||||
| CVE-2007-3553 | 1 Oracle | 2 Application Server, Rapid Install Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3573 | 1 Akocomment | 1 Akocomment | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421. | ||||