Export limit exceeded: 346583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1301 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2026-04-23 | N/A |
| Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423. | ||||
| CVE-2007-1303 | 1 Rrdbrowse | 1 Rrdbrowse | 2026-04-23 | N/A |
| Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2007-1308 | 2 Kde, Redhat | 2 Konqueror, Enterprise Linux | 2026-04-23 | N/A |
| ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. | ||||
| CVE-2007-1320 | 6 Debian, Fedoraproject, Opensuse and 3 more | 7 Debian Linux, Fedora, Fedora Core and 4 more | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. | ||||
| CVE-2007-1324 | 1 Snapgear | 6 560, 580, 585 and 3 more | 2026-04-23 | N/A |
| SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613. | ||||
| CVE-2006-6542 | 1 Fantastic News | 1 Fantastic News | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in Fantastic News 2.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-1325 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin. | ||||
| CVE-2007-1326 | 1 Serendipity | 1 Serendipity | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. | ||||
| CVE-2008-3251 | 1 Tpl Design | 1 Tplsoccersite | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/. | ||||
| CVE-2007-1329 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2026-04-23 | N/A |
| Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences. | ||||
| CVE-2007-1331 | 1 Tks Banking Solutions | 1 Eportfolio | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1337 | 1 Vmware | 1 Workstation | 2026-04-23 | N/A |
| The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors. | ||||
| CVE-2007-1343 | 1 Webcalendar | 1 Webcalendar | 2026-04-23 | N/A |
| includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues. | ||||
| CVE-2008-0510 | 2 Joomla, Mambo | 3 Com Newsletter, Com Newsletter, Mambo | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | ||||
| CVE-2009-0269 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2026-04-23 | N/A |
| fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. | ||||
| CVE-2009-0405 | 1 Smartsitecms | 1 Smartsitecms | 2026-04-23 | N/A |
| SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter. | ||||
| CVE-2007-1347 | 1 Microsoft | 3 Windows 2000, Windows Explorer, Windows Xp | 2026-04-23 | N/A |
| Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll. | ||||
| CVE-2009-1645 | 1 Mini-stream | 1 Easy Rm-mp3 Converter | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. | ||||
| CVE-2009-1650 | 1 Tenfourzero | 1 Shutter | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html. | ||||
| CVE-2009-1654 | 1 Easy-scripts | 1 Answer And Question Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. | ||||