Export limit exceeded: 362270 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362270 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0108 1 Microsoft 2 Office, Works 2026-04-23 N/A
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
CVE-2007-5157 2 Php Fidonet Tosser, Phpfidonode 2 Php Fidonet Tosser, Phpfidonode 2026-04-23 N/A
PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to phfito-post.
CVE-2007-3327 1 Bughunter 1 Http Server 2026-04-23 N/A
httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space).
CVE-2007-3319 1 Avaya 1 4602sw Ip Phone 2026-04-23 N/A
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.
CVE-2007-3307 1 Solar Empire 1 Solar Empire 2026-04-23 N/A
SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
CVE-2007-3306 1 Ultrize 1 Minibill 2026-04-23 N/A
PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489.
CVE-2007-3298 1 Spey 1 Spey 2026-04-23 N/A
SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components.
CVE-2007-3296 1 Xunlei 1 Web Thunderbolt 2026-04-23 N/A
The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods.
CVE-2007-3292 1 Livecms 1 Livecms 2026-04-23 N/A
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.
CVE-2007-3291 1 Livecms 1 Livecms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.
CVE-2006-4410 1 Apple 1 Mac Os X 2026-04-23 N/A
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
CVE-2007-5901 3 Apple, Mit, Redhat 4 Mac Os X, Mac Os X Server, Kerberos 5 and 1 more 2026-04-23 N/A
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
CVE-2007-3275 1 Mailwasher 1 Mailwasher Server 2026-04-23 N/A
MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information.
CVE-2007-3274 2 Apple, Microsoft 2 Safari, Windows Xp 2026-04-23 N/A
Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.
CVE-2007-5900 1 Php 1 Php 2026-04-23 N/A
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.
CVE-2007-5894 1 Mit 1 Kerberos 5 2026-04-23 N/A
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.
CVE-2007-3269 1 Papoo 1 Papoo Cms Light 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject arbitrary web script or HTML via a message to another user. NOTE: vector (2) might overlap CVE-2006-3571.1.
CVE-2007-5893 1 Alhem 1 C\+\+ Sockets Library 2026-04-23 N/A
HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party information.
CVE-2007-3564 1 Libcurl 1 Libcurl 2026-04-23 N/A
libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
CVE-2006-5538 1 D-link 1 Dsl-g624t 2026-04-23 N/A
D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request.