Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3337 | 1 Ingres | 1 Database Server | 2026-04-23 | N/A |
| wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. | ||||
| CVE-2007-0410 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events." | ||||
| CVE-2007-3336 | 1 Ingres | 1 Database Server | 2026-04-23 | N/A |
| Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. | ||||
| CVE-2007-3682 | 1 Openld | 1 Openld | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3026 | 1 Panda | 1 Adminsecure | 2026-04-23 | N/A |
| Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. | ||||
| CVE-2007-1040 | 1 Xpression News | 1 Xpression News | 2026-04-23 | N/A |
| Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. | ||||
| CVE-2007-3690 | 1 Drupal | 1 Forward Module | 2026-04-23 | N/A |
| The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | ||||
| CVE-2007-3022 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2026-04-23 | N/A |
| Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks. | ||||
| CVE-2006-6420 | 1 Ryan Demmer | 1 Joomla Content Editor | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5410 | 1 Boonex | 1 Dolphin | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189. | ||||
| CVE-2007-3012 | 1 Fujitsu | 1 Primergy Bx300 | 2026-04-23 | N/A |
| The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm. | ||||
| CVE-2007-3083 | 1 Rainbowsoft | 1 Z-blog | 2026-04-23 | N/A |
| Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb. | ||||
| CVE-2006-5416 | 1 F5 | 1 Firepass 1000 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | ||||
| CVE-2006-5419 | 1 University Of Glasgow | 1 Specimen Image Database | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in client.php in University of Glasgow Specimen Image Database (SID), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. | ||||
| CVE-2007-2925 | 1 Isc | 1 Bind | 2026-04-23 | N/A |
| The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache. | ||||
| CVE-2007-0416 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security. | ||||
| CVE-2006-6421 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user. | ||||
| CVE-2006-5432 | 1 Marc Giombetti | 1 Phppowercards | 2026-04-23 | N/A |
| Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file. | ||||
| CVE-2007-0417 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. | ||||
| CVE-2007-3719 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | ||||