Export limit exceeded: 363514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363514 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4992 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | N/A |
| Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050. | ||||
| CVE-2007-4995 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2026-04-23 | N/A |
| Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-4993 | 2 Redhat, Xensource Inc | 2 Enterprise Linux, Xen | 2026-04-23 | N/A |
| pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements. | ||||
| CVE-2007-4996 | 1 Pidgin | 1 Pidgin | 2026-04-23 | N/A |
| libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." | ||||
| CVE-2007-4999 | 1 Pidgin | 1 Pidgin | 2026-04-23 | N/A |
| libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. | ||||
| CVE-2007-5001 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2026-04-23 | N/A |
| Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file. | ||||
| CVE-2007-3665 | 1 Symantec | 1 Norton Ghost | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Norton Ghost 12.0 allow remote attackers to cause a denial of service via unspecified vectors involving the UpdateCatalog and other functions. | ||||
| CVE-2007-5006 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2026-04-23 | N/A |
| Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores. | ||||
| CVE-2008-3559 | 1 Kaphotoservice | 1 Kaphotoservice | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6025 | 1 Wpa Supplicant | 1 Wpa Supplicant | 2026-04-23 | N/A |
| Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data. | ||||
| CVE-2007-5007 | 1 Gnome | 1 Balsa | 2026-04-23 | N/A |
| Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | ||||
| CVE-2008-3563 | 1 Plogger | 1 Plogger | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings. | ||||
| CVE-2007-5010 | 1 Wilson Windowware | 1 Webbatch | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in WebBatch allows remote attackers to inject arbitrary web script or HTML via the URL to webbatch.exe. | ||||
| CVE-2007-5013 | 1 Phormer | 1 Phormer | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Phormer 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) u, (2) p, (3) c, and (4) s parameters, and other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3568 | 1 Unak | 1 Unak-cms | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1. | ||||
| CVE-2008-3576 | 1 Openttd | 1 Openttd | 2026-04-23 | N/A |
| Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5014 | 1 Derek Leung | 1 Pslash | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-archiver.inc.php or (2) the lvc_include_dir parameter to modules/visitors2/include/menus.inc.php. NOTE: the modules/visitors2/include/config.inc.php vector is already covered by CVE-2006-4373. NOTE: vector 1 is disputed by CVE because PHP encounters a fatal instantiation error on a direct request for the file, before reaching the include statement. | ||||
| CVE-2007-5015 | 1 Streamline | 1 Streamline | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Streamline PHP Media Server 1.0-beta4 allow remote attackers to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to (1) admin_footer.php, (2) info_footer.php, (3) theme_footer.php, (4) browse_footer.php, (5) account_footer.php, or (6) search_footer.php in core/theme/includes/. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess Limit support. | ||||
| CVE-2007-5017 | 1 Yahoo | 1 Messenger | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. | ||||
| CVE-2007-5018 | 1 David Harris | 1 Mercury 32 | 2026-04-23 | N/A |
| Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211. | ||||