Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3511 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. | ||||
| CVE-2007-3747 | 1 Apple | 3 Ichat, Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet. | ||||
| CVE-2007-1739 | 1 Ibm | 1 Lotus Domino | 2026-04-23 | N/A |
| Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation. | ||||
| CVE-2007-1728 | 1 Sony | 2 Playstation 3, Playstation Portable | 2026-04-23 | N/A |
| The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets. | ||||
| CVE-2007-3459 | 1 Civiltech | 1 Avax Vector Activex | 2026-04-23 | N/A |
| A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method. | ||||
| CVE-2007-3437 | 2 Aol, Microsoft | 2 Instant Messenger, Windows Xp | 2026-04-23 | N/A |
| AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350. | ||||
| CVE-2007-3406 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-23 | N/A |
| Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag. | ||||
| CVE-2007-3155 | 1 Egroupware | 1 Egroupware | 2026-04-23 | N/A |
| Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier. | ||||
| CVE-2007-3159 | 1 Miniweb Http Server | 1 Miniweb Http Server | 2026-04-23 | N/A |
| http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header. | ||||
| CVE-2007-1725 | 1 Icebb | 1 Icebb | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. | ||||
| CVE-2007-3165 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers. | ||||
| CVE-2007-3267 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235. | ||||
| CVE-2007-2399 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. | ||||
| CVE-2007-3171 | 1 Uebimiau | 1 Uebimiau | 2026-04-23 | N/A |
| Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. | ||||
| CVE-2006-6021 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2026-04-23 | N/A |
| SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | ||||
| CVE-2007-3829 | 2 Interactual Technologies, Roxio | 2 Interactual Player, Cineplayer | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2102 | 1 My Little Homepage | 1 My Little Weblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087. | ||||
| CVE-2007-3549 | 1 Vastal I-tech | 1 Buddy Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2007-3815 | 1 Republike Slovenije | 1 Pirs | 2026-04-23 | N/A |
| Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used by data-entry workers who do not have full access to the underlying Windows environment. | ||||
| CVE-2007-3803 | 1 Clavister | 1 Clavister Coreplus | 2026-04-23 | N/A |
| The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists. | ||||