Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6686 | 1 Menalto | 1 Gallery | 2026-04-23 | N/A |
| The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller. | ||||
| CVE-2008-1193 | 2 Redhat, Sun | 4 Network Satellite, Rhel Extras, Jdk and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application. | ||||
| CVE-2007-6695 | 1 Drake Team | 1 Drake Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter. | ||||
| CVE-2007-6696 | 1 Webcalendar | 1 Webcalendar | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication. | ||||
| CVE-2007-6703 | 1 Synce | 1 Vdccm | 2026-04-23 | N/A |
| Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2007-6705 | 1 Ibm | 1 Websphere Mq | 2026-04-23 | N/A |
| The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process. | ||||
| CVE-2006-7198 | 1 Ibm | 2 Racf, Websphere Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123. | ||||
| CVE-2007-6708 | 1 Linksys | 1 Wag54gs | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. | ||||
| CVE-2008-1195 | 3 Canonical, Redhat, Sun | 6 Ubuntu Linux, Network Satellite, Rhel Extras and 3 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. | ||||
| CVE-2007-6712 | 2 Kernel, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2026-04-23 | N/A |
| Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired. | ||||
| CVE-2006-7200 | 1 Emc | 1 Rsa Security Sitekey | 2026-04-23 | N/A |
| EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token. | ||||
| CVE-2007-6715 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case. | ||||
| CVE-2008-1197 | 2 Marvell, Netgear | 2 88w8361w-bem1, Wn802t | 2026-04-23 | N/A |
| The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID." | ||||
| CVE-2008-1198 | 1 Redhat | 1 Enterprise Linux | 2026-04-23 | N/A |
| The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. | ||||
| CVE-2007-2354 | 1 Progress | 1 Webspeed Messenger | 2026-04-23 | N/A |
| Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. | ||||
| CVE-2008-1199 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2026-04-23 | N/A |
| Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | ||||
| CVE-2008-1203 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. | ||||
| CVE-2007-2823 | 1 Ht Editor | 1 Ht Editor | 2026-04-23 | N/A |
| Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width. NOTE: some of the details were obtained from third party information. | ||||
| CVE-2008-1204 | 1 Sun | 1 Java System Access Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. | ||||
| CVE-2008-1511 | 1 Oocomments | 1 Oocomments | 2026-04-23 | 9.8 Critical |
| Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||