Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346267 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3903 | 2 Asterisk, Trixbox | 2 P B X, Pbx | 2026-04-23 | N/A |
| Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2007-4509 | 1 Joomla | 1 Eventlist | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action. | ||||
| CVE-2008-5973 | 1 Activewebsoftwares | 1 Active Web Mail | 2026-04-23 | N/A |
| SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2007-4926 | 1 Axis | 1 207w Camera | 2026-04-23 | N/A |
| The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors. | ||||
| CVE-2007-2086 | 1 Cnstats | 1 Cnstats | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/. | ||||
| CVE-2007-4448 | 1 Toribash | 1 Toribash | 2026-04-23 | N/A |
| The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1. | ||||
| CVE-2007-2085 | 1 Oe2edit | 1 Oe2edit Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2007-4443 | 1 Epic Games | 1 Unreal Engine | 2026-04-23 | N/A |
| The UCC dedicated server for the Unreal engine, possibly 2003 and 2004, on Windows allows remote attackers to cause a denial of service (continuous beep and server slowdown) via a string containing many 0x07 characters in (1) a request to the images/ directory, (2) the Content-Type field, (3) a HEAD request, and possibly other unspecified vectors. | ||||
| CVE-2007-2083 | 1 Zonelabs | 1 Zonealarm | 2026-04-23 | N/A |
| vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. | ||||
| CVE-2007-4432 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2026-04-23 | N/A |
| Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | ||||
| CVE-2007-4383 | 1 Trackeur | 1 Trackeur | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute this vulnerability because header is defined before use. The researcher is known to be unreliable | ||||
| CVE-2007-2024 | 1 Phpwiki | 1 Phpwiki | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension. | ||||
| CVE-2007-2025 | 1 Phpwiki | 1 Phpwiki | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file. | ||||
| CVE-2007-4384 | 1 Stephane Pineau | 1 Vote | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters. | ||||
| CVE-2007-4385 | 1 Owasp | 1 Stinger | 2026-04-23 | N/A |
| OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines. | ||||
| CVE-2007-2026 | 2 Amavis, Gentoo | 2 Virus Scanner, File | 2026-04-23 | N/A |
| The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. | ||||
| CVE-2007-2027 | 2 Elinks, Redhat | 2 Elinks, Enterprise Linux | 2026-04-23 | N/A |
| Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks. | ||||
| CVE-2007-4386 | 1 Getmyownarcade | 1 Getmyownarcade | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter. | ||||
| CVE-2007-2031 | 1 3proxy | 1 3proxy | 2026-04-23 | N/A |
| Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests. | ||||
| CVE-2007-4387 | 1 2wire | 2 1701hg Router, 2071 Router | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. | ||||