Export limit exceeded: 346188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346188 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3085 | 2 Pidgin, Redhat | 3 Libpurple, Pidgin, Enterprise Linux | 2026-04-23 | N/A |
| The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. | ||||
| CVE-2007-3363 | 1 Ageet | 1 Agephone | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets. | ||||
| CVE-2007-3364 | 1 Myserver | 1 Myserver | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content. | ||||
| CVE-2007-3365 | 1 Myserverproject | 1 Myserver | 2026-04-23 | 7.5 High |
| MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI. | ||||
| CVE-2007-3366 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3367 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3370 | 1 Kim Kyoung Min | 1 Sun Board | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php. | ||||
| CVE-2007-3371 | 1 Powl | 1 Powl | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter. | ||||
| CVE-2007-3372 | 1 Avahi | 1 Avahi | 2026-04-23 | N/A |
| The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. | ||||
| CVE-2007-3373 | 1 Redhat | 1 Cluster Suite | 2026-04-23 | N/A |
| daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests. | ||||
| CVE-2007-3374 | 1 Redhat | 2 Cluster Suite, Enterprise Linux | 2026-04-23 | N/A |
| Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages. | ||||
| CVE-2007-3079 | 1 Eqdkp | 1 Eqdkp | 2026-04-23 | N/A |
| listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path. | ||||
| CVE-2007-3059 | 1 Sendcard | 1 Sendcard | 2026-04-23 | N/A |
| SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message. | ||||
| CVE-2007-3061 | 1 Cactusoft | 1 Cactushop | 2026-04-23 | N/A |
| Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb. | ||||
| CVE-2007-3062 | 1 Hp | 1 System Management Homepage | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3063 | 1 Mealex | 1 My Databook | 2026-04-23 | N/A |
| SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter. | ||||
| CVE-2007-3064 | 1 Mealex | 1 My Datebook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter. | ||||
| CVE-2007-3065 | 1 Particle Soft | 1 Particle Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862. | ||||
| CVE-2008-2684 | 1 Blackice | 1 Black Ice Barcode Sdk | 2026-04-23 | N/A |
| The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3047 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. | ||||