Export limit exceeded: 10533 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359547 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3937 | 1 A-shop | 1 A-shop | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-3938 | 1 Maxdev | 1 Mdpro | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676. | ||||
| CVE-2007-3940 | 1 Quickersite | 1 Quickersite | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3941 | 1 Jasmine | 1 Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3942 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use | ||||
| CVE-2008-3154 | 1 Webblizzard | 1 Content Management System | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2007-3943 | 1 Adaptive Business Design | 1 Infinite Responder | 2026-04-23 | N/A |
| SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3944 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. | ||||
| CVE-2007-3945 | 2 Linux, Rsbac | 2 Linux Kernel, Rule Set Based Access Control | 2026-04-23 | N/A |
| Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes. | ||||
| CVE-2007-3946 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header. | ||||
| CVE-2007-3948 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts. | ||||
| CVE-2007-3949 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings. | ||||
| CVE-2007-3950 | 1 Lighttpd | 1 Lighttpd | 2026-04-23 | N/A |
| lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules. | ||||
| CVE-2008-3161 | 1 Ibm | 1 Maximo | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3952 | 1 Norman | 1 Normon Antivirus | 2026-04-23 | N/A |
| The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around". | ||||
| CVE-2007-3953 | 1 Norman | 1 Norman Virus Control | 2026-04-23 | N/A |
| The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error. | ||||
| CVE-2007-3954 | 2 Microsoft, Mozilla | 2 Internet Explorer, Seamonkey | 2026-04-23 | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. | ||||
| CVE-2007-3955 | 1 Linkedin | 1 Toolbar | 2026-04-23 | N/A |
| Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3956 | 2 Microsoft, Teamspeak | 2 All Windows, Web Server | 2026-04-23 | N/A |
| TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534. | ||||
| CVE-2007-3957 | 1 Nipun Jain | 1 Xserver | 2026-04-23 | N/A |
| Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a long URI. | ||||