Export limit exceeded: 14413 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346105 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346105 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2620 | 1 Jakub Steiner | 1 Original | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter. | ||||
| CVE-2009-2198 | 1 Apple | 1 Garageband | 2026-04-23 | N/A |
| Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. | ||||
| CVE-2007-2616 | 1 Novell | 1 Netmail | 2026-04-23 | N/A |
| Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request. | ||||
| CVE-2007-5017 | 1 Yahoo | 1 Messenger | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. | ||||
| CVE-2009-2199 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. | ||||
| CVE-2007-2624 | 1 Aiocp | 1 Aiocp | 2026-04-23 | N/A |
| Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2629 | 1 Bradford Networks | 1 Campusmanager Network Control Application Server | 2026-04-23 | N/A |
| Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/. | ||||
| CVE-2007-5018 | 1 David Harris | 1 Mercury 32 | 2026-04-23 | N/A |
| Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211. | ||||
| CVE-2007-2637 | 2 Moinmoin, Ubuntu | 2 Moinmoin, Ubuntu Linux | 2026-04-23 | N/A |
| MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors. | ||||
| CVE-2007-5022 | 1 Ibm | 1 Tivoli Storage Manager Client | 2026-04-23 | N/A |
| Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2, when using "server-initiated prompted scheduling," allows remote attackers to read a client's data, aka IC53616. | ||||
| CVE-2007-2646 | 1 Yenc32 | 1 Yenc32 | 2026-04-23 | N/A |
| Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted remote attackers to execute arbitrary code via a long filename in an NTX file. | ||||
| CVE-2009-2201 | 1 Apple | 1 Xsan | 2026-04-23 | N/A |
| The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog. | ||||
| CVE-2007-2656 | 1 Hp | 1 Hpqvwocx.dll | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method. | ||||
| CVE-2007-2675 | 1 Pre Projects | 1 Pre Classifieds Listings | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||||
| CVE-2007-2676 | 1 Open Translation Engine | 1 Open Translation Engine | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter. | ||||
| CVE-2007-5032 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. | ||||
| CVE-2007-2671 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access. | ||||
| CVE-2009-2203 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file. | ||||
| CVE-2007-5034 | 2 Elinks, Redhat | 2 Elinks, Enterprise Linux | 2026-04-23 | N/A |
| ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https. | ||||
| CVE-2009-2204 | 1 Apple | 1 Iphone Os | 2026-04-23 | N/A |
| Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore. | ||||