Export limit exceeded: 349719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349719 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1923 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2026-04-23 | N/A |
| (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0. | ||||
| CVE-2007-1920 | 1 Smodbip | 1 Smodbip | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php. | ||||
| CVE-2007-1913 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2026-04-23 | N/A |
| The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | ||||
| CVE-2007-5502 | 1 Openssl | 1 Fips Object Module | 2026-04-23 | N/A |
| The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. | ||||
| CVE-2007-6522 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. | ||||
| CVE-2007-6521 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. | ||||
| CVE-2007-5501 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. | ||||
| CVE-2007-6520 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. | ||||
| CVE-2007-5500 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1446 | 1 Elkagroup | 1 Image Gallery | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4109 | 2 Debian, Openbsd | 2 Linux, Openssh | 2026-04-23 | N/A |
| A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. | ||||
| CVE-2008-2414 | 1 Aguestbook | 1 An Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter. | ||||
| CVE-2008-2349 | 1 Zomp | 1 Zomplog | 2026-04-23 | N/A |
| Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1. | ||||
| CVE-2007-6482 | 2 Linux, Sun | 4 Linux Kernel, Ray Server Software, Solaris and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | ||||
| CVE-2007-5080 | 1 Realnetworks | 3 Realone Player, Realplayer, Realplayer Enterprise | 2026-04-23 | N/A |
| Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow. | ||||
| CVE-2007-4762 | 1 E-smart Cart | 1 E-smart Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092. | ||||
| CVE-2007-3823 | 1 Ipswitch | 1 Ws Ftp | 2026-04-23 | N/A |
| The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. | ||||
| CVE-2007-1848 | 1 Drake Team | 1 Drake Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | ||||
| CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2006-7187 | 1 Web-app.net | 1 Webapp | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable. | ||||