Export limit exceeded: 346145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0478 | 1 Apple | 3 Mac Os X, Safari, Webcore | 2026-04-23 | N/A |
| WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. | ||||
| CVE-2007-0224 | 1 Virtual Programming | 1 Vp-asp | 2026-04-23 | N/A |
| SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter. | ||||
| CVE-2007-0464 | 2 Apple, Cfnetwork | 2 Mac Os X, Cfnetwork | 2026-04-23 | N/A |
| The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. | ||||
| CVE-2007-0226 | 1 Uniforum | 1 Uniforum | 2026-04-23 | N/A |
| SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter). | ||||
| CVE-2007-0467 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/. | ||||
| CVE-2007-0480 | 1 Cisco | 1 Ios Transmission Control Protocol | 2026-04-23 | N/A |
| Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet. | ||||
| CVE-2007-0481 | 1 Cisco | 1 Ios Transmission Control Protocol | 2026-04-23 | N/A |
| Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header. | ||||
| CVE-2007-0469 | 1 Rubyforge | 1 Rubygems | 2026-04-23 | N/A |
| The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages. | ||||
| CVE-2007-0482 | 1 Sun | 1 Ray Server Software | 2026-04-23 | N/A |
| cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack. | ||||
| CVE-2007-1683 | 1 Incredimail | 1 Immenushellext Activex Control | 2026-04-23 | N/A |
| Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2008-0298 | 1 Apple | 2 Mac Os X, Safari | 2026-04-23 | N/A |
| KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | ||||
| CVE-2007-0485 | 1 Webchat.org | 1 Webchat | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter. | ||||
| CVE-2008-1119 | 1 Centreon | 1 Centreon | 2026-04-23 | N/A |
| Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. | ||||
| CVE-2008-1128 | 1 Phpmytourney | 1 Phpmytourney | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2007-0471 | 1 Checkpoint | 1 Connectra Ngx | 2026-04-23 | N/A |
| sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. | ||||
| CVE-2007-0483 | 1 Enthusiast | 1 Enthusiast | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0472 | 1 Smb4k | 1 Smb4k | 2026-04-23 | N/A |
| Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp. | ||||
| CVE-2007-0484 | 1 Enthusiast | 1 Enthusiast | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0486 | 1 Phpadsnew | 1 Phpadsnew | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc. NOTE: the vendor has disputed this issue, stating that the relevant variables are used within function definitions | ||||
| CVE-2007-0487 | 1 Zoneo-soft | 1 Freeforum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used | ||||