Export limit exceeded: 350358 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350358 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3464 | 1 Sofaware | 1 Safe At Office 500 Utm | 2026-04-23 | N/A |
| Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors. | ||||
| CVE-2007-3452 | 1 Edocstore | 1 Edocstore | 2026-04-23 | N/A |
| SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action. | ||||
| CVE-2007-3119 | 1 Kartli Alisveris Sistemi | 1 Kartli Alisveris Sistemi | 2026-04-23 | N/A |
| SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | ||||
| CVE-2007-3124 | 1 Freevms | 1 Freevms | 2026-04-23 | N/A |
| Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in FreeVMS before 0.3.6 might allow local users to gain privileges via a long string in response to an "extract [ny]" prompt. | ||||
| CVE-2007-3128 | 1 Ibm | 1 Websphere Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2007-3141 | 1 Phpwebthings | 1 Phpwebthings | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042. | ||||
| CVE-2007-3145 | 1 Galeon | 1 Galeon Browser | 2026-04-23 | N/A |
| Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | ||||
| CVE-2009-0837 | 1 Foxit | 1 Reader3.0 | 2026-04-23 | N/A |
| Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action. | ||||
| CVE-2009-0838 | 1 Sun | 2 Opensolaris, Sunos | 2026-04-23 | N/A |
| The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function. | ||||
| CVE-2007-3147 | 1 Yahoo | 1 Messenger | 2026-04-23 | N/A |
| Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0840 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2026-04-23 | N/A |
| Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header. | ||||
| CVE-2009-0841 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2026-04-23 | N/A |
| Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter. | ||||
| CVE-2007-3169 | 1 Edraw | 1 Office Viewer Component | 2026-04-23 | N/A |
| Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method. | ||||
| CVE-2009-0842 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2026-04-23 | N/A |
| mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink. | ||||
| CVE-2007-3179 | 1 Particle Blogger | 1 Particle Blogger | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors. | ||||
| CVE-2009-0850 | 1 Bitdefender | 1 Internet Security | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file. | ||||
| CVE-2007-3188 | 1 Geometrix Download Portal | 1 Geometrix Download Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3190 | 1 Jffnms | 1 Just For Fun Network Management System | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters. | ||||
| CVE-2009-0854 | 1 Dash | 1 Dash | 2026-04-23 | N/A |
| Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory. | ||||
| CVE-2007-3195 | 1 Erfan Wiki | 1 Erfan Wiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||