Export limit exceeded: 362147 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362147 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362147 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3409 4 Canonical, Debian, Net-dns and 1 more 4 Ubuntu Linux, Debian Linux, Net\ and 1 more 2026-04-23 7.5 High
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
CVE-2007-4053 1 Linpha 1 Linpha 2026-04-23 N/A
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.
CVE-2006-4842 2 Netscape, Sun 2 Portable Runtime Api, Solaris 2026-04-23 N/A
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
CVE-2007-1566 1 Netvios 1 Netvios 2026-04-23 N/A
SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954.
CVE-2007-2237 1 Microsoft 1 Windows Xp 2026-04-23 5.5 Medium
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
CVE-2007-1810 1 Kaotik 1 Kshop 2026-04-23 N/A
SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2591 1 Nokia 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express 2026-04-23 N/A
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action.
CVE-2007-1811 1 Chapi 1 Tiny Event 2026-04-23 N/A
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
CVE-2007-2593 1 Microsoft 2 Terminal Server, Windows 2003 Server 2026-04-23 N/A
The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
CVE-2007-2603 1 Audio Cd Tools 1 Audio Cd Ripper Ocx 2026-04-23 N/A
Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors.
CVE-2007-1826 1 Cisco 2 Unified Callmanager, Unified Presence Server 2026-04-23 N/A
Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949.
CVE-2007-5469 1 Openser 1 Openser 2026-04-23 N/A
OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). NOTE: Debian disputes this issue, stating that "having the two URIs mismatch is allowed by the standard and happens in some setups for valid reasons.
CVE-2007-5481 1 Distributed Checksum Clearinghouse 1 Dcc 2026-04-23 N/A
Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."
CVE-2007-1833 1 Cisco 1 Unified Callmanager 2026-04-23 N/A
The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port.
CVE-2007-5486 1 Dotproject 1 Dotproject 2026-04-23 N/A
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.
CVE-2007-5487 1 Cowon America 1 Jetaudio 2026-04-23 N/A
Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file.
CVE-2008-0489 1 Clansphere 1 Clansphere 2026-04-23 N/A
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2007-1843 1 Maptools 1 Maplab 2026-04-23 N/A
PHP remote file inclusion vulnerability in gmapfactory/params.php in MapLab 2.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gszAppPath parameter.
CVE-2008-1008 1 Apple 1 Safari 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.
CVE-2008-2052 1 Bitrix24 1 Bitrix Site Manager 2026-04-23 6.1 Medium
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.