Export limit exceeded: 20044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0677 1 Cronosys 1 Cadre Php Framework 2026-04-23 N/A
PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.
CVE-2007-0675 1 Microsoft 1 Windows Vista 2026-04-23 N/A
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
CVE-2007-0674 1 Microsoft 1 Windows Mobile 2026-04-23 N/A
Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file.
CVE-2008-2889 1 Wise-ftp 1 Wise-ftp 2026-04-23 N/A
Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
CVE-2007-0672 2 Broadcom, Ca 5 Brightstor Arcserve Backup Laptops Desktops, Business Protection Suite, Desktop Management Suite and 2 more 2026-04-23 N/A
LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.
CVE-2007-0670 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
CVE-2007-0669 1 Twiki 1 Twiki 2026-04-23 N/A
Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.
CVE-2007-0668 1 Sun 1 Solaris 2026-04-23 N/A
The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.
CVE-2007-0667 2 Ledgersmb, Sql-ledger 2 Ledgersmb, Sql-ledger 2026-04-23 N/A
The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.
CVE-2007-0666 1 Ipswitch 1 Ws Ftp Server 2026-04-23 N/A
Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.
CVE-2008-2885 1 Odars 1 Odars 2026-04-23 N/A
PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter.
CVE-2008-4864 2 Python, Redhat 2 Python, Enterprise Linux 2026-04-23 N/A
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
CVE-2007-0655 1 Microworld Technologies 1 Escan 2026-04-23 N/A
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
CVE-2007-0654 1 X Multimedia System 1 X Multimedia System 2026-04-23 N/A
Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.
CVE-2007-0653 2 Linux, X Multimedia System 2 Linux Kernel, X Multimedia System 2026-04-23 N/A
Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.
CVE-2007-0652 1 Mailenable 1 Mailenable Professional 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
CVE-2007-0651 1 Mailenable 1 Mailenable Professional 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
CVE-2007-0650 1 Makeindex 1 Makeindex 2026-04-23 N/A
Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.
CVE-2009-4407 1 Pyforum 1 Pyforum 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors.
CVE-2008-2834 1 Sidb 1 Scientific Image Database 2026-04-23 N/A
SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter.