Export limit exceeded: 19593 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6059 | 1 Sun | 1 Javamail | 2026-04-23 | N/A |
| Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products. | ||||
| CVE-2007-6060 | 1 Ahnlab | 1 V3 Internet Security | 2026-04-23 | N/A |
| AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename. | ||||
| CVE-2007-6061 | 1 Audacityteam | 1 Audacity | 2026-04-23 | N/A |
| Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack. | ||||
| CVE-2007-6062 | 1 Ngircd | 1 Ngircd | 2026-04-23 | N/A |
| irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. | ||||
| CVE-2007-5823 | 1 Scribe | 1 Scribe | 2026-04-23 | N/A |
| Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the username parameter in a Register action. | ||||
| CVE-2007-5825 | 1 Firefly | 1 Media Server | 2026-04-23 | N/A |
| Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line. | ||||
| CVE-2007-5826 | 1 Edraw | 1 Flowchart Activex | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420. | ||||
| CVE-2007-5827 | 2 Debian, Iscsitarget | 2 Debian Linux, Iscsitarget | 2026-04-23 | N/A |
| iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. | ||||
| CVE-2007-5828 | 1 Django Project | 1 Django | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module | ||||
| CVE-2007-5831 | 1 Ssl-explorer | 1 Ssl-explorer | 2026-04-23 | N/A |
| Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5832 | 1 Ssl-explorer | 1 Ssl-explorer | 2026-04-23 | N/A |
| Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5833 | 1 Bosdev | 1 Bosmarket Business Directory System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post. | ||||
| CVE-2007-5844 | 1 Guppy | 1 Guppy | 2026-04-23 | N/A |
| Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter. | ||||
| CVE-2007-5845 | 1 Guppy | 1 Guppy | 2026-04-23 | N/A |
| Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc. | ||||
| CVE-2007-5945 | 1 Usvn | 1 User-friendly Svn | 2026-04-23 | N/A |
| USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors. | ||||
| CVE-2007-5847 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. | ||||
| CVE-2007-5848 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service. | ||||
| CVE-2007-5849 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2026-04-23 | N/A |
| Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. | ||||
| CVE-2007-5850 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file. | ||||
| CVE-2007-5851 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. | ||||