Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1180 | 5 Apple, Foolabs, Glyphandcog and 2 more | 5 Cups, Xpdf, Xpdfreader and 2 more | 2026-04-23 | N/A |
| The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. | ||||
| CVE-2009-1181 | 5 Apple, Foolabs, Glyphandcog and 2 more | 5 Cups, Xpdf, Xpdfreader and 2 more | 2026-04-23 | N/A |
| The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. | ||||
| CVE-2007-3267 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235. | ||||
| CVE-2009-1189 | 2 Freedesktop, Redhat | 2 Dbus, Enterprise Linux | 2026-04-23 | N/A |
| The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834. | ||||
| CVE-2007-3369 | 1 Polycom | 1 Soundpoint Ip 601 | 2026-04-23 | N/A |
| Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header. | ||||
| CVE-2009-1190 | 2 Springsource, Sun | 3 Dm Server, Spring Framework, Jdk | 2026-04-23 | N/A |
| Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540. | ||||
| CVE-2007-3406 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-23 | N/A |
| Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag. | ||||
| CVE-2007-3416 | 2 Web-app.org, Web App.net | 2 Webapp, Webapp | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators. | ||||
| CVE-2007-3437 | 2 Aol, Microsoft | 2 Instant Messenger, Windows Xp | 2026-04-23 | N/A |
| AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350. | ||||
| CVE-2007-3448 | 1 Bugmall | 1 Shopping Cart | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected. | ||||
| CVE-2007-3459 | 1 Civiltech | 1 Avax Vector Activex | 2026-04-23 | N/A |
| A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method. | ||||
| CVE-2007-3481 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain | ||||
| CVE-2007-3487 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2026-04-23 | N/A |
| Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method. | ||||
| CVE-2009-1194 | 2 Pango, Redhat | 2 Pango, Enterprise Linux | 2026-04-23 | N/A |
| Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. | ||||
| CVE-2007-3508 | 1 Gentoo | 1 Glibc | 2026-04-23 | N/A |
| Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution | ||||
| CVE-2007-3511 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. | ||||
| CVE-2009-3871 | 3 Microsoft, Redhat, Sun | 10 Windows, Enterprise Linux, Network Satellite and 7 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. | ||||
| CVE-2007-3522 | 1 Sphpell | 1 Sphpell | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php. | ||||
| CVE-2007-3531 | 1 Gentoo | 2 Linux, Nvclock | 2026-04-23 | N/A |
| The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. | ||||
| CVE-2007-3559 | 1 Php-fusion | 1 Php-fusion | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. | ||||