Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1316 1 Abk-soft 1 Ablespace 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php.
CVE-2007-4390 1 Bluecat Networks 1 Adonis 2026-04-23 N/A
The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command.
CVE-2007-4393 1 Suse 1 Suse Linux 2026-04-23 N/A
The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.
CVE-2007-4394 2 Novell, Suse 2 Suse Linux, Suse Linux 2026-04-23 N/A
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
CVE-2007-4395 1 Sun 1 Sunos 2026-04-23 N/A
Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role.
CVE-2007-4396 1 Irssi 1 Irssi 2026-04-23 N/A
Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2007-4398 1 Irssi 1 Irssi 2026-04-23 N/A
Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2007-4400 1 Konversation 1 Konversation 2026-04-23 N/A
CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVE-2007-4402 1 Mirc 1 Mirc 2026-04-23 N/A
Multiple unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.
CVE-2008-3207 1 Pragyan 1 Praygan Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.
CVE-2009-4524 2 Drupal, Nancy Wichmann 2 Drupal, Realname 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
CVE-2007-4411 1 Universal Ircd 1 Ircu 2026-04-23 N/A
ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.
CVE-2007-4412 1 Headstart Solutions 1 Deskpro 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side."
CVE-2007-4413 1 Headstart Solutions 1 Deskpro 2026-04-23 N/A
Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter.
CVE-2007-4416 1 Jemjabella 1 Bellabook 2026-04-23 N/A
captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application
CVE-2007-4418 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details.
CVE-2007-4420 1 Edraw 1 Office Viewer Component 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
CVE-2007-4421 1 Olate 1 Olatedownload 2026-04-23 N/A
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
CVE-2007-4423 1 Ibm 1 Db2 Universal Database 2026-04-23 N/A
Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.
CVE-2007-4426 1 Live For Speed 1 Live For Speed 2026-04-23 N/A
Live for Speed (LFS) S1 and S2 allows remote attackers to cause a denial of service (server crash) via (1) a certain 0x00 byte in a pre-login ID 3 packet, which triggers a NULL dereference; or (2) a pre-login ID 5 packet that lacks certain strings, which triggers an invalid pointer dereference.