Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1718 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2026-04-23 | N/A |
| CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro. | ||||
| CVE-2007-4149 | 1 Visionsoft | 1 Audit | 2026-04-23 | N/A |
| The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder. | ||||
| CVE-2007-3717 | 1 Sun | 1 Sunos | 2026-04-23 | N/A |
| rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225. | ||||
| CVE-2007-4057 | 1 Neocrome | 1 Seditio | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with (1) .php.gif, (2) .php.jpg, or (3) .php.png. | ||||
| CVE-2007-2941 | 1 Michael Brandon | 1 Vbgsitemap | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php. | ||||
| CVE-2007-4375 | 1 Diskeeper | 1 Diskeeper | 2026-04-23 | N/A |
| The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address. | ||||
| CVE-2007-4381 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | ||||
| CVE-2007-2962 | 1 Particle Soft | 1 Particle Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter. | ||||
| CVE-2007-2915 | 1 Rm Easymail | 1 Rm Easymail Plus | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email. | ||||
| CVE-2009-2764 | 1 Microsoft | 2 Internet Explorer, Windows 7 | 2026-04-23 | N/A |
| Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location. | ||||
| CVE-2007-2879 | 1 Gnuturk | 1 Gnuturk Portal System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter. | ||||
| CVE-2007-3723 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | ||||
| CVE-2008-7200 | 1 Deliantra | 1 Deliantra | 2026-04-23 | N/A |
| Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors. | ||||
| CVE-2007-4383 | 1 Trackeur | 1 Trackeur | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute this vulnerability because header is defined before use. The researcher is known to be unreliable | ||||
| CVE-2008-5912 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2007-2933 | 1 Phil-a-form | 1 Phil-a-form | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter. | ||||
| CVE-2007-4061 | 1 Nessus | 1 Vulnerability Scanner | 2026-04-23 | N/A |
| Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||||
| CVE-2007-5760 | 3 Redhat, X.org, Xfree86 Project | 3 Enterprise Linux, Xserver, Xfree86-misc | 2026-04-23 | N/A |
| Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. | ||||
| CVE-2007-2918 | 1 Logitech | 1 Videocall | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors. | ||||
| CVE-2009-2908 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount. | ||||