Export limit exceeded: 24859 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24859 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3091 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows 2003 Server and 3 more | 2026-04-23 | N/A |
| Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability." | ||||
| CVE-2007-3092 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks. | ||||
| CVE-2007-3111 | 2 Microsoft, Provideo | 3 Internet Explorer, Windows 2000, Camimage Activex Control | 2026-04-23 | N/A |
| Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value. | ||||
| CVE-2007-3164 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar. | ||||
| CVE-2007-2815 | 1 Microsoft | 1 Internet Information Services | 2026-04-23 | N/A |
| The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw. | ||||
| CVE-2007-2856 | 2 Dart, Microsoft | 2 Powertcp Zip Compression, Internet Explorer | 2026-04-23 | N/A |
| Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855. | ||||
| CVE-2007-2884 | 1 Microsoft | 1 Visual Basic | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field. | ||||
| CVE-2007-2885 | 1 Microsoft | 1 Visual Database Tools Database Designer | 2026-04-23 | N/A |
| The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument. | ||||
| CVE-2007-2896 | 2 Microsoft, Symantec | 2 All Windows, Enterprise Security Manager | 2026-04-23 | N/A |
| Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports. | ||||
| CVE-2007-2897 | 1 Microsoft | 1 Internet Information Server | 2026-04-23 | N/A |
| Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests. | ||||
| CVE-2007-2903 | 1 Microsoft | 1 Office | 2026-04-23 | N/A |
| Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries. | ||||
| CVE-2007-2927 | 2 Atheros, Microsoft | 2 Wireless Adapter Drivers, All Windows | 2026-04-23 | N/A |
| Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. | ||||
| CVE-2007-2931 | 1 Microsoft | 2 Msn Messenger, Windows Live Messenger | 2026-04-23 | N/A |
| Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. | ||||
| CVE-2007-2938 | 2 Honeywell, Microsoft | 2 Ademco Atnbaseloader100 Module, Internet Explorer | 2026-04-23 | N/A |
| Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods. | ||||
| CVE-2007-2581 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Services, Windows 2003 | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. | ||||
| CVE-2007-2593 | 1 Microsoft | 2 Terminal Server, Windows 2003 Server | 2026-04-23 | N/A |
| The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006. | ||||
| CVE-2007-2718 | 2 Microsoft, Stalker | 2 Internet Explorer, Communigate Pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags. | ||||
| CVE-2007-2730 | 3 Checkpoint, Comodo, Microsoft | 6 Zonealarm, Comodo Firewall Pro, Comodo Personal Firewall and 3 more | 2026-04-23 | N/A |
| Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. | ||||
| CVE-2007-2736 | 9 Achievo, Apple, Hp and 6 more | 18 Achievo, A Ux, Mac Os X and 15 more | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | ||||
| CVE-2007-2374 | 2 Avaya, Microsoft | 7 Definity One Media Server, Media Server, S3400 and 4 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. | ||||