Export limit exceeded: 346082 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346082 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3117 | 1 Adplan | 1 Seo | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers. | ||||
| CVE-2007-5101 | 1 Furquim | 1 Chironfs | 2026-04-23 | N/A |
| ChironFS before 1.0 RC7 sets user/group ownership to the mounter account instead of the creator account when files are created, which allows local users to gain privileges. | ||||
| CVE-2007-3122 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | N/A |
| The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR. | ||||
| CVE-2009-2312 | 1 Mcafee | 1 Smartfilter | 2026-04-23 | N/A |
| SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges. | ||||
| CVE-2007-3129 | 1 Utopia Software | 1 Utopia News Pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter. | ||||
| CVE-2009-2313 | 1 Jinzora | 1 Jinzora | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter. | ||||
| CVE-2007-5108 | 1 Ask.com | 1 Ask Toolbar | 2026-04-23 | N/A |
| Unspecified vulnerability in IAC Search & Media ask.com toolbar has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. NOTE: this might be the same issue as CVE-2007-5107. | ||||
| CVE-2007-5111 | 1 Eb Design Pty Ltd | 1 Ebcrypt | 2026-04-23 | N/A |
| A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allows remote attackers to cause a denial of service (crash) via a string argument to the AddString method. | ||||
| CVE-2009-2316 | 1 Ibm | 1 Tivoli Identity Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector. | ||||
| CVE-2009-2317 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2007-3153 | 1 Daniel Stenberg | 1 C-ares | 2026-04-23 | N/A |
| The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. | ||||
| CVE-2009-2318 | 1 Axesstel | 1 Mv 410r | 2026-04-23 | N/A |
| The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116. | ||||
| CVE-2007-5133 | 2 3ware, Microsoft | 5 3dm Disk Management Software, Windows 2003 Server, Windows Server 2003 and 2 more | 2026-04-23 | N/A |
| Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png. | ||||
| CVE-2007-5134 | 1 Cisco | 9 Catalyst 6500, Catalyst 6500 Ws-svc-nam-1, Catalyst 6500 Ws-svc-nam-2 and 6 more | 2026-04-23 | N/A |
| Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended. | ||||
| CVE-2009-2324 | 1 Fckeditor | 1 Fckeditor | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory. | ||||
| CVE-2009-2326 | 1 Max Kervin | 1 Kervinet Forum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a cross-site scripting (XSS) attack. | ||||
| CVE-2007-3173 | 1 Almnzm | 1 Almnzm | 2026-04-23 | N/A |
| Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters. | ||||
| CVE-2009-2327 | 1 Max Kervin | 1 Kervinet Forum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter. | ||||
| CVE-2007-5137 | 2 Redhat, Tcl Tk | 2 Enterprise Linux, Tcl Tk | 2026-04-23 | N/A |
| Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378. | ||||
| CVE-2007-3193 | 1 Phpwiki | 1 Phpwiki | 2026-04-23 | N/A |
| lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations. | ||||