Export limit exceeded: 362065 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362065 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362065 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2488 | 1 Asterisk | 1 Asterisk | 2026-04-23 | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. | ||||
| CVE-2007-2531 | 1 Berylium | 1 Berylium2 | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter. | ||||
| CVE-2007-2492 | 1 Postnuke Software Foundation | 1 Postnuke V4bjournal Module | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action. | ||||
| CVE-2007-2494 | 1 Office Ocx | 1 Powerpoint Viewer Ocx | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2498 | 1 Nullsoft | 1 Winamp | 2026-04-23 | N/A |
| libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2501 | 1 Fernando M.a.d.s. | 1 Codepress | 2026-04-23 | N/A |
| Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call. | ||||
| CVE-2007-2502 | 1 Hp | 1 Procurve Switch 9300m | 2026-04-23 | N/A |
| Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015. | ||||
| CVE-2007-2503 | 1 Php Turbulence | 1 Php Turbulence | 2026-04-23 | N/A |
| Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion | ||||
| CVE-2007-2529 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL. | ||||
| CVE-2007-2504 | 1 Php Turbulence | 1 Php Turbulence | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion | ||||
| CVE-2007-0559 | 1 Rp World | 1 Rp World | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter. | ||||
| CVE-2006-5232 | 1 Isearch | 1 Isearch | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iSearch 2.16 allow remote attackers to execute arbitrary PHP code via a URL in the isearch_path parameter in (1) index.php, (2) viewcache.php, (3) sitemap.php, (4) isearch.inc.php, (5) google_sitemap.php, (6) stats.php, or (7) auto_spider_img.php. NOTE: this issue has been disputed by a third party who shows that $isearch_path is set to a constant value. CVE analysis as of 20061010 is inconclusive, although the original researcher is known to make mistakes | ||||
| CVE-2006-5234 | 1 Phpwebsite | 1 Phpwebsite | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable | ||||
| CVE-2006-7201 | 1 Emc | 1 Rsa Security Sitekey | 2026-04-23 | N/A |
| EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP. | ||||
| CVE-2006-5513 | 1 Geonetwork | 1 Opensource | 2026-04-23 | N/A |
| SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors. | ||||
| CVE-2007-0389 | 1 Arsdigita | 2 Arsdigita Community Education Solution, Arsdigita Community System | 2026-04-23 | N/A |
| Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI. | ||||
| CVE-2006-5236 | 1 4homepages | 1 4images | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter. | ||||
| CVE-2006-5237 | 1 Blue Smiley Organizer | 1 Blue Smiley Organizer | 2026-04-23 | N/A |
| SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-7035 | 1 Super Link Exchange Script | 1 Super Link Exchange Script | 2026-04-23 | N/A |
| Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter. | ||||
| CVE-2006-5238 | 1 Blue Smiley Organizer | 1 Blue Smiley Organizer | 2026-04-23 | N/A |
| Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors. | ||||