Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346267 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4872 | 1 Simplenews | 1 Simplenews | 2026-04-23 | N/A |
| SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages. | ||||
| CVE-2007-4874 | 1 Boesch-it | 1 Simpnews | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php. | ||||
| CVE-2007-2108 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges. | ||||
| CVE-2007-2110 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03). | ||||
| CVE-2007-2112 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the AUTH_ALTER_SESSION security policies via a logon trigger ("AFTER LOGON ON DATABASE" trigger directive), a related issue to CVE-2006-0547. | ||||
| CVE-2007-2114 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11). | ||||
| CVE-2007-2116 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters. | ||||
| CVE-2007-2125 | 1 Oracle | 1 Collaboration Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01. | ||||
| CVE-2007-2130 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. | ||||
| CVE-2007-4879 | 1 Mozilla | 2 Firefox, Seamonkey | 2026-04-23 | N/A |
| Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | ||||
| CVE-2007-2138 | 4 Canonical, Debian, Postgresql and 1 more | 5 Ubuntu Linux, Debian Linux, Postgresql and 2 more | 2026-04-23 | N/A |
| Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." | ||||
| CVE-2007-2142 | 1 Ajportal2php | 1 Ajportal2php | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/. | ||||
| CVE-2007-2143 | 1 Bonoestente | 1 Joomla Template Be2004-2 | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2007-4760 | 1 Hitachi | 4 Ucosminexus Application Server Enterprise, Ucosminexus Application Server Standard, Ucosminexus Developer Standard and 1 more | 2026-04-23 | N/A |
| The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably the same issue as CVE-2007-3503. | ||||
| CVE-2007-2144 | 1 Joomlapack | 1 Joomlapack | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2007-4761 | 1 Matteo | 1 Barbo91 | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2146 | 1 Minigal | 1 Minigal | 2026-04-23 | N/A |
| The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2148 | 1 Stephen Craton | 1 Chatness | 2026-04-23 | N/A |
| Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | ||||
| CVE-2007-4762 | 1 E-smart Cart | 1 E-smart Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092. | ||||
| CVE-2007-4880 | 1 Ibm | 1 Tivoli Storage Manager Client | 2026-04-23 | N/A |
| Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905. | ||||