Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4433 1 Aspindir 1 Text File Search 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field.
CVE-2007-3722 1 Freebsd 1 Freebsd 2026-04-23 N/A
The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
CVE-2007-3721 1 Freebsd 1 Freebsd 2026-04-23 N/A
The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
CVE-2007-1355 2 Apache, Redhat 2 Tomcat, Network Satellite 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
CVE-2007-2797 3 Debian, Redhat, Xterm 3 Debian Linux, Enterprise Linux, Xterm 2026-04-23 N/A
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
CVE-2007-3359 1 Iptel 1 Serweb 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3358 1 Iptel 1 Serweb 2026-04-23 N/A
PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter.
CVE-2007-4381 2 Redhat, Sun 4 Rhel Extras, Jdk, Jre and 1 more 2026-04-23 N/A
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
CVE-2006-5920 1 Yuuki Yoshizawa 1 Exporia 2026-04-23 N/A
PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: SecurityFocus disputes this issue, saying "further analysis reveals that the application is not vulnerable." NOTE: this issue may overlap CVE-2006-5113
CVE-2006-5919 1 Activecampaign 1 Knowledgebuilder 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the visEdit_root parameter, a different vector than CVE-2003-1131.
CVE-2007-0256 1 Videolan 1 Vlc Media Player 2026-04-23 N/A
VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
CVE-2007-0255 1 Xine 1 Xine 2026-04-23 N/A
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
CVE-2006-6625 1 Moodle 1 Moodle 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0254 1 Xine 1 Xine-ui 2026-04-23 N/A
Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.
CVE-2006-7217 1 Apache 1 Derby 2026-04-23 N/A
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
CVE-2006-7216 1 Apache 1 Derby 2026-04-23 N/A
Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
CVE-2006-7215 1 Intel 3 Core 2 Duo E4000, Core 2 Duo E6000, Core 2 Extreme X6800 2026-04-23 N/A
The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90.
CVE-2007-0240 2 Redhat, Zope 2 Rhel Cluster, Zope 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.
CVE-2006-7214 1 Firebirdsql 1 Firebird 2026-04-23 N/A
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.
CVE-2006-6624 1 Sambar 1 Sambar Server 2026-04-23 N/A
The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command.