Export limit exceeded: 357812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357812 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2527 | 1 Dynamicpad | 1 Dynamicpad | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php. | ||||
| CVE-2009-0241 | 1 Ganglia | 1 Ganglia | 2026-04-23 | N/A |
| Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname. | ||||
| CVE-2008-6452 | 1 Oceandir | 1 Oceandir | 2026-04-23 | N/A |
| SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6385 | 1 W3matter | 1 Revsense | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | ||||
| CVE-2007-2524 | 1 Otrs | 1 Otrs | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841. | ||||
| CVE-2008-6376 | 1 Nexusjnr | 1 Jbook | 2026-04-23 | N/A |
| SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter). | ||||
| CVE-2008-6374 | 1 Codefixer | 1 Mailinglistpro | 2026-04-23 | N/A |
| CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb. | ||||
| CVE-2008-6372 | 1 Ocean12tech | 1 Faq Manager Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6370 | 1 Ocean12tech | 1 Contact Manager Pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter. | ||||
| CVE-2007-2520 | 1 Frank Mancuso | 1 Mynews | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie. | ||||
| CVE-2007-2514 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2026-04-23 | N/A |
| Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. | ||||
| CVE-2007-2513 | 1 Novell | 1 Groupwise | 2026-04-23 | N/A |
| Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack. | ||||
| CVE-2007-2508 | 1 Trend Micro | 1 Serverprotect | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll. | ||||
| CVE-2007-5651 | 1 Cisco | 2 Catos, Ios | 2026-04-23 | N/A |
| Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet. | ||||
| CVE-2007-4386 | 1 Getmyownarcade | 1 Getmyownarcade | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter. | ||||
| CVE-2007-5644 | 1 Lussumo | 1 Vanilla | 2026-04-23 | N/A |
| Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities. | ||||
| CVE-2007-2497 | 1 Realnetworks | 1 Realplayer | 2026-04-23 | N/A |
| RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. | ||||
| CVE-2007-2495 | 1 Office Ocx | 1 Excel Viewer Ocx | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5643 | 1 Lussumo | 1 Vanilla | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php. | ||||
| CVE-2007-2478 | 1 Cerulean Studios | 1 Trillian Pro | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string. | ||||