Export limit exceeded: 359378 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359378 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3883 | 1 Datadynamics | 1 Activebar | 2026-04-23 | N/A |
| The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method. | ||||
| CVE-2008-4916 | 2 Emc, Vmware | 7 Vmware Player, Vmware Ace, Vmware Esx and 4 more | 2026-04-23 | N/A |
| Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors. | ||||
| CVE-2009-2200 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2026-04-23 | N/A |
| WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | ||||
| CVE-2009-2207 | 1 Apple | 1 Iphone Os | 2026-04-23 | N/A |
| The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. | ||||
| CVE-2009-2211 | 1 Ibm | 1 Rational Clearquest | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-3892 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826. | ||||
| CVE-2008-4921 | 1 Chipmunk Scripts | 1 Chipmunk Cms | 2026-04-23 | N/A |
| board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2212 | 1 Ibm | 1 Rational Clearquest | 2026-04-23 | N/A |
| The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors. | ||||
| CVE-2007-3897 | 1 Microsoft | 2 Outlook Express, Windows Mail | 2026-04-23 | N/A |
| Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption. | ||||
| CVE-2008-4929 | 1 Mybb | 1 Mybb | 2026-04-23 | 7.5 High |
| MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. | ||||
| CVE-2009-2213 | 1 Citrix | 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware | 2026-04-23 | 6.5 Medium |
| The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | ||||
| CVE-2007-3899 | 1 Microsoft | 2 Office, Word | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability." | ||||
| CVE-2008-4937 | 1 Openoffice | 1 Openoffice.org | 2026-04-23 | N/A |
| senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file. | ||||
| CVE-2009-2214 | 1 Citrix | 1 Secure Gateway | 2026-04-23 | N/A |
| The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request. | ||||
| CVE-2007-3918 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter. | ||||
| CVE-2009-2215 | 1 Urdland | 1 Urd | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components. | ||||
| CVE-2007-3919 | 3 Debian, Redhat, Xensource Inc | 3 Debian Linux, Enterprise Linux, Xen | 2026-04-23 | N/A |
| (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. | ||||
| CVE-2008-4938 | 1 Aegis | 2 Aegis, Aegis-web | 2026-04-23 | N/A |
| aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts. | ||||
| CVE-2007-3920 | 4 Compiz, Gnome, Redhat and 1 more | 4 Compiz, Screensaver, Enterprise Linux and 1 more | 2026-04-23 | N/A |
| GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | ||||
| CVE-2008-4946 | 1 Convirture | 1 Convirt | 2026-04-23 | N/A |
| convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/. | ||||