Export limit exceeded: 363052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363052 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6426 | 1 Emc | 1 Replistor | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data. | ||||
| CVE-2007-6425 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2007-6412 | 1 Bitweaver | 1 Bitweaver | 2026-04-23 | N/A |
| Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action. | ||||
| CVE-2007-2507 | 1 Treble Designs | 1 1024 Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter. | ||||
| CVE-2007-6400 | 1 Poldoc | 1 Poldoc Document Management System | 2026-04-23 | N/A |
| Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter. | ||||
| CVE-2007-5663 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2026-04-23 | N/A |
| Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. | ||||
| CVE-2007-6390 | 1 Serendipity | 1 Serendipity | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page. | ||||
| CVE-2007-5660 | 1 Macrovision | 3 Flexnet Connect, Installshield 2008, Update Service | 2026-04-23 | N/A |
| Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow. | ||||
| CVE-2007-6383 | 1 Chandler Project | 1 Chandler Server | 2026-04-23 | N/A |
| The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home collection. | ||||
| CVE-2007-6382 | 1 Robocode | 1 Robocode | 2026-04-23 | N/A |
| The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method. | ||||
| CVE-2007-6379 | 1 Badblue | 1 Badblue | 2026-04-23 | N/A |
| BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. | ||||
| CVE-2007-6374 | 1 Bitweaver | 1 Bitweaver | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103. | ||||
| CVE-2009-3026 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2026-04-23 | N/A |
| protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions. | ||||
| CVE-2007-6361 | 1 Gekkoware | 1 Gekko | 2026-04-23 | N/A |
| Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server. | ||||
| CVE-2009-3025 | 1 Pidgin | 1 Pidgin | 2026-04-23 | N/A |
| Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM. | ||||
| CVE-2007-6351 | 2 Libexif Project, Redhat | 2 Libexif, Enterprise Linux | 2026-04-23 | N/A |
| libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c. | ||||
| CVE-2007-6344 | 1 Mcms | 1 Easy Web Make | 2026-04-23 | N/A |
| Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. | ||||
| CVE-2007-6307 | 1 Jfree | 1 Jfreechart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header. | ||||
| CVE-2009-3013 | 1 Opera | 1 Opera Browser | 2026-04-23 | N/A |
| Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. | ||||
| CVE-2007-6285 | 1 Redhat | 1 Enterprise Linux | 2026-04-23 | N/A |
| The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. | ||||